, 26 3.3.1 Exploiting testing methods, p.28
, 33 3.5.1 Analyzing device vulnerabilities, p.36
, Increasing Android Security using a Lightweight OVAL-based Vulnerability Assessment Framework International peer-reviewed conferences ? Martín Barrère, Rémi Badonnel, and Olivier Festor. A SAT-based Autonomous Strategy for Security Vulnerability Management, Book chapter based on our paper selected from the 5th International Symposium on Configuration Analytics and Automation (SafeConfig'12) Proceedings of the IEEE/IFIP Network Operations and Management Symposium (NOMS'14 Mini-Conference, pp.41-58, 2012.
, A Probabilistic Costefficient Approach for Mobile Security Assessment, Proceedings of the 9th IEEE International Conference on Network and Service Management (CNSM'13), 2013.
, Improving Present Security through the Detection of Past Hidden Vulnerable States, Proceedings of the IFIP/IEEE International Symposium on Integrated Network Management (IM'13), Mini-Conference, 2013.
, Collaborative Remediation of Configuration Vulnerabilities in Autonomic Networks and Systems, Proceedings of the 8th IEEE International Conference on Network and Service Management (CNSM'12), Mini- Conference, 2012.
, Vulnerability analysis For evaluating quality of protection of security policies, Proceedings of the 2nd ACM workshop on Quality of protection , QoP '06, 2006.
DOI : 10.1145/1179494.1179505
, Network security approach for digital forensics analysis, 2008 International Conference on Computer Engineering & Systems, pp.263-267, 2008.
DOI : 10.1109/ICCES.2008.4773009
, A survey of information-centric networking, IEEE Communications Magazine, vol.50, issue.7, pp.26-36, 2012.
DOI : 10.1109/MCOM.2012.6231276
, A Novel Quantitative Approach For Measuring Network Security, IEEE INFOCOM 2008, The 27th Conference on Computer Communications, pp.1957-1965, 2008.
DOI : 10.1109/INFOCOM.2008.260
, Towards autonomic risk-aware security configuration, NOMS 2008, 2008 IEEE Network Operations and Management Symposium, pp.722-725, 2008.
DOI : 10.1109/NOMS.2008.4575198
, Runtime Configuration Validation for Self-Configurable Systems, Proceedings of the IFIP/IEEE International Symposium on Integrated Network Management (IM'13), pp.712-715, 2013.
URL : https://hal.archives-ouvertes.fr/hal-01150344
, Towards a validation framework for dynamic reconfiguration, 2010 International Conference on Network and Service Management, pp.314-317, 2010.
DOI : 10.1109/CNSM.2010.5691219
, Time-efficient and cost-effective network hardening using attack graphs, IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2012), pp.1-12, 2012.
DOI : 10.1109/DSN.2012.6263942
, A Survey of Applications of Wireless Sensors and Wireless Sensor Networks, Proceedings of the 13th Mediterrean Conference on Control and Automation, pp.719-724, 2005.
, Self-Management Framework for Mobile Autonomous Systems, Journal of Network and Systems Management, vol.279, issue.3, pp.244-275, 2012.
DOI : 10.1007/s10922-011-9201-5
, Feedback Systems: An Introduction for Scientists and Engineers, 2008.
, The Internet of Things: A survey, Computer Networks, vol.54, issue.15, pp.2787-2805, 2010.
DOI : 10.1016/j.comnet.2010.05.010
, The Fundamentals of Aircraft Combat Survivability Analysis and Design, 2003.
DOI : 10.2514/4.861239
, The Technical Specification for the Security Content Automation Protocol (SCAP) Nist Special Publication, 2011.
, Data Center Network Virtualization: A Survey, IEEE Communications Surveys & Tutorials, vol.15, issue.2, pp.909-928, 2013.
DOI : 10.1109/SURV.2012.090512.00043
, Internet of Things as a Methodological Concept, 2013 Fourth International Conference on Computing for Geospatial Research and Application, pp.48-55, 2013.
DOI : 10.1109/COMGEO.2013.8
, Supporting Vulnerability Awareness in Autonomic Networks and Systems with OVAL, Proceedings of the 7th IEEE International Conference on Network and Service Management (CNSM'11), 2011.
, Towards the assessment of distributed vulnerabilities in autonomic networks and systems, 2012 IEEE Network Operations and Management Symposium, pp.335-342, 2012.
DOI : 10.1109/NOMS.2012.6211916
, Towards machine-assisted formal procedures for the collection of digital evidence, 2011 Ninth Annual International Conference on Privacy, Security and Trust, pp.32-35, 2011.
DOI : 10.1109/PST.2011.5971960
, Automatically securing permission-based software by reducing the attack surface: an application to Android, Proceedings of the 27th IEEE/ACM International Conference on Automated Software Engineering, ASE 2012, 1206.
DOI : 10.1145/2351676.2351722
URL : https://hal.archives-ouvertes.fr/hal-00700074
, Vulnerability Markets. What is the Economic Value of a Zero-Day Exploit, Proceedings of the 22nd Chaos Communication Congress, 2005.
, A System Engineer's Guide to Host Configuration and Maintenance Using Cfengine, of Short Topics in System Administration. USENIX Association, 2007.
, Cloud computing and emerging IT platforms: Vision, hype, and reality for delivering computing as the 5th utility, Future Generation Computer Systems, vol.25, issue.6, pp.599-616, 2009.
DOI : 10.1016/j.future.2008.12.001
, Towards Generating High Coverage Vulnerability-Based Signatures with Protocol-Level Constraint-Guided Exploration, Proceedings of the 12th International Symposium on Recent Advances in Intrusion Detection (RAID'09)33] CAPEC, Common Attack Pattern Enumeration and Classification, pp.161-181, 2009.
DOI : 10.1007/978-3-642-04342-0_9
URL : http://bitblaze.cs.berkeley.edu/papers/fieldsig_raid09.pdf
, A Modified O(n) Leader Election Algorithm for Complete Networks, Proceedings of the 15th Euromicro International Conference on Parallel, Distributed and Network-Based Processing, PDP '07, pp.189-198, 2007.
, Risk and Vulnerability Assessment of Secure Autonomic Communication Networks, The 2nd International Conference on Wireless Broadband and Ultra Wideband Communications (AusWireless 2007), pp.40-40, 2007.
DOI : 10.1109/AUSWIRELESS.2007.67
, Dynamic Dependencies and Performance Improvement, Proceedings of the 22nd conference on Large Installation System Administration Conference, pp.9-21, 2008.
, The complexity of theorem-proving procedures, Proceedings of the third annual ACM symposium on Theory of computing , STOC '71, pp.151-158, 1971.
DOI : 10.1145/800157.805047
, Network forensics analysis, IEEE Internet Computing, vol.6, issue.6, pp.60-66, 2002.
DOI : 10.1109/MIC.2002.1067738
, Cyber Observable eXpression, 2013.
, Dynamic exposure control in P2PSIP networks, 2012 IEEE Network Operations and Management Symposium, pp.261-268, 2012.
DOI : 10.1109/NOMS.2012.6211907
URL : https://hal.archives-ouvertes.fr/hal-00747508
, Configuration Fuzzing for Software Vulnerability Detection, 2010 International Conference on Availability, Reliability and Security, pp.525-530, 2010.
DOI : 10.1109/ARES.2010.22
, The Evolving Art of Fuzzing. Software Testing, 2006.
, In Report From the First Digital Forensic Research Workshop (DFRWS), 2001.
, Predicting Labor Cost through IT Management Complexity Metrics, 2007 10th IFIP/IEEE International Symposium on Integrated Network Management, pp.274-283, 2007.
DOI : 10.1109/INM.2007.374792
, A survey of autonomic communications, ACM Transactions on Autonomous and Adaptive Systems, vol.1, issue.2, pp.223-259, 2006.
DOI : 10.1145/1186778.1186782
, A Study of Android Application Security, Proceedings of the 20th USENIX Conference on Security, SEC'11. USENIX Association, 2011.
, Understanding Android Security, IEEE Security & Privacy Magazine, vol.7, issue.1, pp.50-57, 2009.
DOI : 10.1109/MSP.2009.26
, On the management of virtual networks, IEEE Communications Magazine, vol.51, issue.7, pp.80-88, 2013.
DOI : 10.1109/MCOM.2013.6553682
, A survey of mobile malware in the wild, Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices, SPSM '11, pp.3-14, 2011.
DOI : 10.1145/2046614.2046618
, Architectural Styles and the Design of Network-based Software Architectures , PhD. Dissertation, 2000.
, [71] P. Foreman. Vulnerability Management Information Security Trammel. Modelling the Security Ecosystem -The Dynamics of (In)Security, Proceedings of the Workshop on the Economics of Information Security (WEIS'09), 2009.
, Elections in a Distributed Computing System, IEEE Transactions on Computers, vol.31, issue.1, pp.48-59, 1982.
DOI : 10.1109/TC.1982.1675885
, Principles of Data Mining, Drug Safety, vol.15, issue.2, 2001.
DOI : 10.2165/00002018-200730070-00010
, Introduction to Automata Theory, Languages, and Computation, 2006.
DOI : 10.1145/568438.568455
, A survey of autonomic computing???degrees, models, and applications, ACM Computing Surveys, vol.40, issue.3, pp.1-728, 2008.
DOI : 10.1145/1380584.1380585
, Taxonomies of attacks and vulnerabilities in computer systems, IEEE Communications Surveys & Tutorials, vol.10, issue.1, pp.6-19, 2008.
DOI : 10.1109/COMST.2008.4483667
, Cognitive Radio Wireless Sensor Networks: Applications, Challenges and Research Trends, Sensors, vol.13, issue.9, pp.11196-11228, 2013.
DOI : 10.3390/s130911196
URL : http://doi.org/10.3390/s130911196
, The vision of autonomic computing, Computer, vol.36, issue.1, pp.41-50, 2003.
DOI : 10.1109/MC.2003.1160055
, Enabling Self-Configuration in Autonomic Systems Using Case-Based Reasoning with Improved Efficiency, Fourth International Conference on Autonomic and Autonomous Systems (ICAS'08), pp.112-117, 2008.
DOI : 10.1109/ICAS.2008.44
, Connecting Low-Power and Lossy Networks to the Internet, IEEE Communications Magazine, vol.49, issue.4, pp.96-101, 2011.
, A Vulnerability Assessment Tool Based on OVAL in Linux System, Network and Parallel Computing, pp.653-660, 2004.
DOI : 10.1007/978-3-540-30141-7_95
, Juxtapp and DStruct: Detection of Similarity Among Android Applications, 2012.
, An Annotated Review of Past Papers on Attack Graphs, 2005.
, https://www.mylookout.com/mobile-threat-report, 2013.
, Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning, 2009.
, Creating a Patch and Vulnerability Management Program, 2005.
DOI : 10.6028/NIST.SP.800-40ver2
, A Survey of Autonomic Network Architectures and Evaluation Criteria, IEEE Communications Surveys & Tutorials, vol.14, issue.2, pp.1-27, 2011.
DOI : 10.1109/SURV.2011.042711.00078
URL : https://hal.archives-ouvertes.fr/hal-01168689
, http://www.tenable.com/products/nessus, 2013.
, [114] OSVDB, The Open Source Vulnerability Database, 2013.
, A scalable approach to attack graph generation, Proceedings of the 13th ACM conference on Computer and communications security , CCS '06, pp.336-345, 2006.
DOI : 10.1145/1180405.1180446
, the OVAL Interpreter reference implementation, 2013.
, ACML: Capability Based Attack Modeling Language, 2008 The Fourth International Conference on Information Assurance and Security, pp.147-154, 2008.
DOI : 10.1109/IAS.2008.26
, Software Testing, 2005.
, Dynamic Security Risk Management Using Bayesian Attack Graphs, IEEE Transactions on Dependable and Secure Computing, vol.9, issue.1, pp.61-74, 2012.
DOI : 10.1109/TDSC.2011.34
, A survey of recent advances in SAT-based formal verification, International Journal on Software Tools for Technology Transfer, vol.35, issue.2, pp.156-173, 2005.
DOI : 10.1007/s10009-004-0183-4
, Extending logical attack graphs for efficient vulnerability analysis, Proceedings of the 15th ACM conference on Computer and communications security, CCS '08, pp.63-74, 2008.
DOI : 10.1145/1455770.1455780
, Virtualization: A Survey on Concepts, Taxonomy and Associated Security Issues, 2010 Second International Conference on Computer and Network Technology, pp.222-226, 2010.
DOI : 10.1109/ICCNT.2010.49
, Towards Autonomic Network Management: an Analysis of Current and Future Research Directions, IEEE Communications Surveys & Tutorials, vol.11, issue.3, pp.22-36, 2009.
DOI : 10.1109/SURV.2009.090303
, Change Priority Determination in IT Service Management Based on Risk Exposure, IEEE Transactions on Network and Service Management, vol.5, issue.3, pp.178-187, 2008.
DOI : 10.1109/TNSM.2009.031105
, A framework for measuring the vulnerability of hosts, 2008 1st International Conference on Information Technology, pp.1-4, 2008.
DOI : 10.1109/INFTECH.2008.4621610
, Decision support for service transition management Enforce change scheduling by performing change risk and business impact analysis, NOMS 2008, 2008 IEEE Network Operations and Management Symposium, pp.200-207, 2008.
DOI : 10.1109/NOMS.2008.4575135
, Van Jacobson: Content-Centric Networking, Computer, vol.46, issue.1, pp.11-13, 2013.
DOI : 10.1109/MC.2013.34
, Are we ready for SDN? Implementation challenges for software-defined networks, IEEE Communications Magazine, vol.51, issue.7, pp.5136-5179, 2013.
DOI : 10.1109/MCOM.2013.6553676
, Google Android: A Comprehensive Security Assessment, IEEE Security & Privacy Magazine, vol.8, issue.2, pp.35-44, 2010.
DOI : 10.1109/MSP.2010.2
, Automated generation and analysis of attack graphs, Proceedings 2002 IEEE Symposium on Security and Privacy, p.273, 2002.
DOI : 10.1109/SECPRI.2002.1004377
, Engineering Policy-Based Ubiquitous Systems, The Computer Journal, vol.53, issue.7, pp.1113-1127, 2010.
DOI : 10.1093/comjnl/bxp102
, Survivable Security Systems Through Autonomicity, Proceedings of the Second international Conference on Radical Agent Concepts: innovative Concepts for Autonomic and Agent-Based Systems, WRAC'05, pp.379-389, 2006.
DOI : 10.1007/11596042_125
, Gaussian elimination is not optimal, Numerische Mathematik, vol.13, issue.4, pp.354-356, 1007.
DOI : 10.1007/BF02165411
URL : http://www.digizeitschriften.de/download/PPN362160546_0013/PPN362160546_0013___log38.pdf
, Using Bayesian belief networks for change impact analysis in architecture design, Journal of Systems and Software, vol.80, issue.1, pp.127-148, 2007.
DOI : 10.1016/j.jss.2006.04.004
, A requires/provides model for computer attacks, Proceedings of the 2000 workshop on New security paradigms , NSPW '00, pp.31-38, 2000.
DOI : 10.1145/366173.366187
, Distributed Case-Based Reasoning for Fault Management, Proceedings of the 1st international conference on Autonomous Infrastructure, Management and Security: Inter-Domain Management (AIMS'07), pp.200-203, 2007.
DOI : 10.1007/978-3-540-72986-0_25
, NETCONF Interoperability Testing, Proceedings of the Third International Conference on Autonomous Infrastructure, Management and Security (AIMS'09), pp.83-94, 2009.
DOI : 10.1007/11567486_16
, Autonomous and Autonomic Systems: With Applications to NASA Intelligent Spacecraft Operations and Exploration Systems, 2009.
DOI : 10.1007/b105417
, All Your Droid Are Belong To Us: A Survey of Current Android Attacks, Proceedings of the 5th USENIX Conference on Offensive Technologies, pp.10-10, 2011.
, Automating Network and Service Configuration using NET- CONF and YANG, Proceedings of the 25th International Conference on Large Installation System Administration, pp.22-22, 2011.
, OVM, Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research Cyber Security and Information Intelligence Challenges and Strategies, CSIIRW '09, pp.1-34, 2009.
DOI : 10.1145/1558607.1558646
, TaintScope: A Checksum-Aware Directed Fuzzing Tool for Automatic Software Vulnerability Detection, 2010 IEEE Symposium on Security and Privacy, pp.497-512, 2010.
DOI : 10.1109/SP.2010.37
, A Graph Based Approach Toward Network Forensics Analysis, ACM Transactions on Information and System Security, vol.12, issue.1, 2008.
DOI : 10.1145/1410234.1410238
, Improving IT Change Management Processes with Automated Risk Assessment, Proceedings of the IEEE International Workshop on Distributed Systems: Operations and Management (DSOM'09), pp.71-84, 2009.
DOI : 10.1007/978-3-642-04989-7_6
, Improve IT Security with Vulnerability Management, 2005.
, A Survey of Information-Centric Networking Research, IEEE Communications Surveys & Tutorials, vol.16, issue.2, pp.1-26, 2013.
DOI : 10.1109/SURV.2013.070813.00063
, Denial of service attack and prevention on SIP VoIP infrastructures using DNS flooding, Proceedings of the 1st international conference on Principles, systems and applications of IP telecommunications, IPTComm '07, pp.57-66, 2007.
DOI : 10.1145/1326304.1326314
, Specification for the Extensible Configuration Checklist Description Format (XCCDF) NIST (National Institute of Standards and Technology), 2013.