%0 Journal Article
%T Research on Design Vulnerabilities Class
%A LI Yi (李艺)
%A LI Xin-Ming (李新明)
%A JIANG Xiang-Gang (姜湘岗)
%+ Institution of Command and Technology of Equipment, Beijing; Institute of Beijing Electronic Science and Technology, Beijing
%J 计算机科学
%D 2005
%X This paper analyzes the existing taxonomies of software vulnerability. For Unix/Linux operating systems, it proposes a two-dimensional taxonomy of software vulnerability based on location and cause attributes, and describes the classification scheme of software vulnerabilities according to their cause. The design vulnerabilities class is an important class of vulnerabilities, but no existing classification yet identifies the types of design vulnerabilities in further detail. This paper elaborates on research into design vulnerabilities and proposes a classification schema that divides design vulnerabilities into the following subclasses: limit vulnerabilities, unsatisfied requirement vulnerabilities, security design vulnerabilities, exception handling vulnerabilities, restricted function vulnerabilities and random result vulnerabilities. It gives the definition and typical examples of every subclass.
%K Vulnerability
%K Taxonomy
%K Operating system
%K Network
%K Software engineering
%U http://www.alljournals.cn/get_abstract_url.aspx?pcid=5B3AB970F71A803DEACDC0559115BFCF0A068CD97DD29835&cid=8240383F08CE46C8B05036380D75B607&jid=64A12D73428C8B8DBFB978D04DFEB3C1&aid=520D30A1095887F4&yid=2DD7160C83D0ACED&vid=9971A5E270697F23&iid=E158A972A605785F&sid=CEC789B3C68C3BB3&eid=AD16A18DBD734D13&journal_id=1002-137X&journal_name=计算机科学&referenced_num=0&reference_num=6