26 3.3.1 Exploiting testing methods, p.28 ,
33 3.5.1 Analyzing device vulnerabilities, p.36 ,
Increasing Android Security using a Lightweight OVAL-based Vulnerability Assessment Framework International peer-reviewed conferences ? Martín Barrère, Rémi Badonnel, and Olivier Festor. A SAT-based Autonomous Strategy for Security Vulnerability Management, Book chapter based on our paper selected from the 5th International Symposium on Configuration Analytics and Automation (SafeConfig'12) Proceedings of the IEEE/IFIP Network Operations and Management Symposium (NOMS'14 Mini-Conference, pp.41-58, 2012. ,
A Probabilistic Costefficient Approach for Mobile Security Assessment, Proceedings of the 9th IEEE International Conference on Network and Service Management (CNSM'13), 2013. ,
Improving Present Security through the Detection of Past Hidden Vulnerable States, Proceedings of the IFIP/IEEE International Symposium on Integrated Network Management (IM'13), Mini-Conference, 2013. ,
Collaborative Remediation of Configuration Vulnerabilities in Autonomic Networks and Systems, Proceedings of the 8th IEEE International Conference on Network and Service Management (CNSM'12), Mini- Conference, 2012. ,
Vulnerability analysis For evaluating quality of protection of security policies, Proceedings of the 2nd ACM workshop on Quality of protection , QoP '06, 2006. ,
DOI : 10.1145/1179494.1179505
Network security approach for digital forensics analysis, 2008 International Conference on Computer Engineering & Systems, pp.263-267, 2008. ,
DOI : 10.1109/ICCES.2008.4773009
A survey of information-centric networking, IEEE Communications Magazine, vol.50, issue.7, pp.26-36, 2012. ,
DOI : 10.1109/MCOM.2012.6231276
A Novel Quantitative Approach For Measuring Network Security, IEEE INFOCOM 2008, The 27th Conference on Computer Communications, pp.1957-1965, 2008. ,
DOI : 10.1109/INFOCOM.2008.260
Towards autonomic risk-aware security configuration, NOMS 2008, 2008 IEEE Network Operations and Management Symposium, pp.722-725, 2008. ,
DOI : 10.1109/NOMS.2008.4575198
Runtime Configuration Validation for Self-Configurable Systems, Proceedings of the IFIP/IEEE International Symposium on Integrated Network Management (IM'13), pp.712-715, 2013. ,
URL : https://hal.archives-ouvertes.fr/hal-01150344
Towards a validation framework for dynamic reconfiguration, 2010 International Conference on Network and Service Management, pp.314-317, 2010. ,
DOI : 10.1109/CNSM.2010.5691219
Time-efficient and cost-effective network hardening using attack graphs, IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2012), pp.1-12, 2012. ,
DOI : 10.1109/DSN.2012.6263942
A Survey of Applications of Wireless Sensors and Wireless Sensor Networks, Proceedings of the 13th Mediterrean Conference on Control and Automation, pp.719-724, 2005. ,
Self-Management Framework for Mobile Autonomous Systems, Journal of Network and Systems Management, vol.279, issue.3, pp.244-275, 2012. ,
DOI : 10.1007/s10922-011-9201-5
Feedback Systems: An Introduction for Scientists and Engineers, 2008. ,
The Internet of Things: A survey, Computer Networks, vol.54, issue.15, pp.2787-2805, 2010. ,
DOI : 10.1016/j.comnet.2010.05.010
The Fundamentals of Aircraft Combat Survivability Analysis and Design, 2003. ,
DOI : 10.2514/4.861239
The Technical Specification for the Security Content Automation Protocol (SCAP) Nist Special Publication, 2011. ,
Data Center Network Virtualization: A Survey, IEEE Communications Surveys & Tutorials, vol.15, issue.2, pp.909-928, 2013. ,
DOI : 10.1109/SURV.2012.090512.00043
Internet of Things as a Methodological Concept, 2013 Fourth International Conference on Computing for Geospatial Research and Application, pp.48-55, 2013. ,
DOI : 10.1109/COMGEO.2013.8
Supporting Vulnerability Awareness in Autonomic Networks and Systems with OVAL, Proceedings of the 7th IEEE International Conference on Network and Service Management (CNSM'11), 2011. ,
Towards the assessment of distributed vulnerabilities in autonomic networks and systems, 2012 IEEE Network Operations and Management Symposium, pp.335-342, 2012. ,
DOI : 10.1109/NOMS.2012.6211916
Towards machine-assisted formal procedures for the collection of digital evidence, 2011 Ninth Annual International Conference on Privacy, Security and Trust, pp.32-35, 2011. ,
DOI : 10.1109/PST.2011.5971960
Automatically securing permission-based software by reducing the attack surface: an application to Android, Proceedings of the 27th IEEE/ACM International Conference on Automated Software Engineering, ASE 2012, 1206. ,
DOI : 10.1145/2351676.2351722
URL : https://hal.archives-ouvertes.fr/hal-00700074
Vulnerability Markets. What is the Economic Value of a Zero-Day Exploit, Proceedings of the 22nd Chaos Communication Congress, 2005. ,
A System Engineer's Guide to Host Configuration and Maintenance Using Cfengine, of Short Topics in System Administration. USENIX Association, 2007. ,
Cloud computing and emerging IT platforms: Vision, hype, and reality for delivering computing as the 5th utility, Future Generation Computer Systems, vol.25, issue.6, pp.599-616, 2009. ,
DOI : 10.1016/j.future.2008.12.001
Towards Generating High Coverage Vulnerability-Based Signatures with Protocol-Level Constraint-Guided Exploration, Proceedings of the 12th International Symposium on Recent Advances in Intrusion Detection (RAID'09)33] CAPEC, Common Attack Pattern Enumeration and Classification, pp.161-181, 2009. ,
DOI : 10.1007/978-3-642-04342-0_9
URL : http://bitblaze.cs.berkeley.edu/papers/fieldsig_raid09.pdf
A Modified O(n) Leader Election Algorithm for Complete Networks, Proceedings of the 15th Euromicro International Conference on Parallel, Distributed and Network-Based Processing, PDP '07, pp.189-198, 2007. ,
Risk and Vulnerability Assessment of Secure Autonomic Communication Networks, The 2nd International Conference on Wireless Broadband and Ultra Wideband Communications (AusWireless 2007), pp.40-40, 2007. ,
DOI : 10.1109/AUSWIRELESS.2007.67
Dynamic Dependencies and Performance Improvement, Proceedings of the 22nd conference on Large Installation System Administration Conference, pp.9-21, 2008. ,
The complexity of theorem-proving procedures, Proceedings of the third annual ACM symposium on Theory of computing , STOC '71, pp.151-158, 1971. ,
DOI : 10.1145/800157.805047
Network forensics analysis, IEEE Internet Computing, vol.6, issue.6, pp.60-66, 2002. ,
DOI : 10.1109/MIC.2002.1067738
Cyber Observable eXpression, 2013. ,
Dynamic exposure control in P2PSIP networks, 2012 IEEE Network Operations and Management Symposium, pp.261-268, 2012. ,
DOI : 10.1109/NOMS.2012.6211907
URL : https://hal.archives-ouvertes.fr/hal-00747508
Configuration Fuzzing for Software Vulnerability Detection, 2010 International Conference on Availability, Reliability and Security, pp.525-530, 2010. ,
DOI : 10.1109/ARES.2010.22
The Evolving Art of Fuzzing. Software Testing, 2006. ,
In Report From the First Digital Forensic Research Workshop (DFRWS), 2001. ,
Predicting Labor Cost through IT Management Complexity Metrics, 2007 10th IFIP/IEEE International Symposium on Integrated Network Management, pp.274-283, 2007. ,
DOI : 10.1109/INM.2007.374792
A survey of autonomic communications, ACM Transactions on Autonomous and Adaptive Systems, vol.1, issue.2, pp.223-259, 2006. ,
DOI : 10.1145/1186778.1186782
A Study of Android Application Security, Proceedings of the 20th USENIX Conference on Security, SEC'11. USENIX Association, 2011. ,
Understanding Android Security, IEEE Security & Privacy Magazine, vol.7, issue.1, pp.50-57, 2009. ,
DOI : 10.1109/MSP.2009.26
On the management of virtual networks, IEEE Communications Magazine, vol.51, issue.7, pp.80-88, 2013. ,
DOI : 10.1109/MCOM.2013.6553682
A survey of mobile malware in the wild, Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices, SPSM '11, pp.3-14, 2011. ,
DOI : 10.1145/2046614.2046618
Architectural Styles and the Design of Network-based Software Architectures , PhD. Dissertation, 2000. ,
[71] P. Foreman. Vulnerability Management Information Security Trammel. Modelling the Security Ecosystem -The Dynamics of (In)Security, Proceedings of the Workshop on the Economics of Information Security (WEIS'09), 2009. ,
Elections in a Distributed Computing System, IEEE Transactions on Computers, vol.31, issue.1, pp.48-59, 1982. ,
DOI : 10.1109/TC.1982.1675885
Principles of Data Mining, Drug Safety, vol.15, issue.2, 2001. ,
DOI : 10.2165/00002018-200730070-00010
Introduction to Automata Theory, Languages, and Computation, 2006. ,
DOI : 10.1145/568438.568455
A survey of autonomic computing???degrees, models, and applications, ACM Computing Surveys, vol.40, issue.3, pp.1-728, 2008. ,
DOI : 10.1145/1380584.1380585
Taxonomies of attacks and vulnerabilities in computer systems, IEEE Communications Surveys & Tutorials, vol.10, issue.1, pp.6-19, 2008. ,
DOI : 10.1109/COMST.2008.4483667
Cognitive Radio Wireless Sensor Networks: Applications, Challenges and Research Trends, Sensors, vol.13, issue.9, pp.11196-11228, 2013. ,
DOI : 10.3390/s130911196
URL : http://doi.org/10.3390/s130911196
The vision of autonomic computing, Computer, vol.36, issue.1, pp.41-50, 2003. ,
DOI : 10.1109/MC.2003.1160055
Enabling Self-Configuration in Autonomic Systems Using Case-Based Reasoning with Improved Efficiency, Fourth International Conference on Autonomic and Autonomous Systems (ICAS'08), pp.112-117, 2008. ,
DOI : 10.1109/ICAS.2008.44
Connecting Low-Power and Lossy Networks to the Internet, IEEE Communications Magazine, vol.49, issue.4, pp.96-101, 2011. ,
A Vulnerability Assessment Tool Based on OVAL in Linux System, Network and Parallel Computing, pp.653-660, 2004. ,
DOI : 10.1007/978-3-540-30141-7_95
Juxtapp and DStruct: Detection of Similarity Among Android Applications, 2012. ,
An Annotated Review of Past Papers on Attack Graphs, 2005. ,
https://www.mylookout.com/mobile-threat-report, 2013. ,
Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning, 2009. ,
Creating a Patch and Vulnerability Management Program, 2005. ,
DOI : 10.6028/NIST.SP.800-40ver2
A Survey of Autonomic Network Architectures and Evaluation Criteria, IEEE Communications Surveys & Tutorials, vol.14, issue.2, pp.1-27, 2011. ,
DOI : 10.1109/SURV.2011.042711.00078
URL : https://hal.archives-ouvertes.fr/hal-01168689
http://www.tenable.com/products/nessus, 2013. ,
[114] OSVDB, The Open Source Vulnerability Database, 2013. ,
A scalable approach to attack graph generation, Proceedings of the 13th ACM conference on Computer and communications security , CCS '06, pp.336-345, 2006. ,
DOI : 10.1145/1180405.1180446
the OVAL Interpreter reference implementation, 2013. ,
ACML: Capability Based Attack Modeling Language, 2008 The Fourth International Conference on Information Assurance and Security, pp.147-154, 2008. ,
DOI : 10.1109/IAS.2008.26
Software Testing, 2005. ,
Dynamic Security Risk Management Using Bayesian Attack Graphs, IEEE Transactions on Dependable and Secure Computing, vol.9, issue.1, pp.61-74, 2012. ,
DOI : 10.1109/TDSC.2011.34
A survey of recent advances in SAT-based formal verification, International Journal on Software Tools for Technology Transfer, vol.35, issue.2, pp.156-173, 2005. ,
DOI : 10.1007/s10009-004-0183-4
Extending logical attack graphs for efficient vulnerability analysis, Proceedings of the 15th ACM conference on Computer and communications security, CCS '08, pp.63-74, 2008. ,
DOI : 10.1145/1455770.1455780
Virtualization: A Survey on Concepts, Taxonomy and Associated Security Issues, 2010 Second International Conference on Computer and Network Technology, pp.222-226, 2010. ,
DOI : 10.1109/ICCNT.2010.49
Towards Autonomic Network Management: an Analysis of Current and Future Research Directions, IEEE Communications Surveys & Tutorials, vol.11, issue.3, pp.22-36, 2009. ,
DOI : 10.1109/SURV.2009.090303
Change Priority Determination in IT Service Management Based on Risk Exposure, IEEE Transactions on Network and Service Management, vol.5, issue.3, pp.178-187, 2008. ,
DOI : 10.1109/TNSM.2009.031105
A framework for measuring the vulnerability of hosts, 2008 1st International Conference on Information Technology, pp.1-4, 2008. ,
DOI : 10.1109/INFTECH.2008.4621610
Decision support for service transition management Enforce change scheduling by performing change risk and business impact analysis, NOMS 2008, 2008 IEEE Network Operations and Management Symposium, pp.200-207, 2008. ,
DOI : 10.1109/NOMS.2008.4575135
Van Jacobson: Content-Centric Networking, Computer, vol.46, issue.1, pp.11-13, 2013. ,
DOI : 10.1109/MC.2013.34
Are we ready for SDN? Implementation challenges for software-defined networks, IEEE Communications Magazine, vol.51, issue.7, pp.5136-5179, 2013. ,
DOI : 10.1109/MCOM.2013.6553676
Google Android: A Comprehensive Security Assessment, IEEE Security & Privacy Magazine, vol.8, issue.2, pp.35-44, 2010. ,
DOI : 10.1109/MSP.2010.2
Automated generation and analysis of attack graphs, Proceedings 2002 IEEE Symposium on Security and Privacy, p.273, 2002. ,
DOI : 10.1109/SECPRI.2002.1004377
Engineering Policy-Based Ubiquitous Systems, The Computer Journal, vol.53, issue.7, pp.1113-1127, 2010. ,
DOI : 10.1093/comjnl/bxp102
Survivable Security Systems Through Autonomicity, Proceedings of the Second international Conference on Radical Agent Concepts: innovative Concepts for Autonomic and Agent-Based Systems, WRAC'05, pp.379-389, 2006. ,
DOI : 10.1007/11596042_125
Gaussian elimination is not optimal, Numerische Mathematik, vol.13, issue.4, pp.354-356, 1007. ,
DOI : 10.1007/BF02165411
URL : http://www.digizeitschriften.de/download/PPN362160546_0013/PPN362160546_0013___log38.pdf
Using Bayesian belief networks for change impact analysis in architecture design, Journal of Systems and Software, vol.80, issue.1, pp.127-148, 2007. ,
DOI : 10.1016/j.jss.2006.04.004
A requires/provides model for computer attacks, Proceedings of the 2000 workshop on New security paradigms , NSPW '00, pp.31-38, 2000. ,
DOI : 10.1145/366173.366187
Distributed Case-Based Reasoning for Fault Management, Proceedings of the 1st international conference on Autonomous Infrastructure, Management and Security: Inter-Domain Management (AIMS'07), pp.200-203, 2007. ,
DOI : 10.1007/978-3-540-72986-0_25
NETCONF Interoperability Testing, Proceedings of the Third International Conference on Autonomous Infrastructure, Management and Security (AIMS'09), pp.83-94, 2009. ,
DOI : 10.1007/11567486_16
Autonomous and Autonomic Systems: With Applications to NASA Intelligent Spacecraft Operations and Exploration Systems, 2009. ,
DOI : 10.1007/b105417
All Your Droid Are Belong To Us: A Survey of Current Android Attacks, Proceedings of the 5th USENIX Conference on Offensive Technologies, pp.10-10, 2011. ,
Automating Network and Service Configuration using NET- CONF and YANG, Proceedings of the 25th International Conference on Large Installation System Administration, pp.22-22, 2011. ,
OVM, Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research Cyber Security and Information Intelligence Challenges and Strategies, CSIIRW '09, pp.1-34, 2009. ,
DOI : 10.1145/1558607.1558646
TaintScope: A Checksum-Aware Directed Fuzzing Tool for Automatic Software Vulnerability Detection, 2010 IEEE Symposium on Security and Privacy, pp.497-512, 2010. ,
DOI : 10.1109/SP.2010.37
A Graph Based Approach Toward Network Forensics Analysis, ACM Transactions on Information and System Security, vol.12, issue.1, 2008. ,
DOI : 10.1145/1410234.1410238
Improving IT Change Management Processes with Automated Risk Assessment, Proceedings of the IEEE International Workshop on Distributed Systems: Operations and Management (DSOM'09), pp.71-84, 2009. ,
DOI : 10.1007/978-3-642-04989-7_6
Improve IT Security with Vulnerability Management, 2005. ,
A Survey of Information-Centric Networking Research, IEEE Communications Surveys & Tutorials, vol.16, issue.2, pp.1-26, 2013. ,
DOI : 10.1109/SURV.2013.070813.00063
Denial of service attack and prevention on SIP VoIP infrastructures using DNS flooding, Proceedings of the 1st international conference on Principles, systems and applications of IP telecommunications, IPTComm '07, pp.57-66, 2007. ,
DOI : 10.1145/1326304.1326314
Specification for the Extensible Configuration Checklist Description Format (XCCDF) NIST (National Institute of Standards and Technology), 2013. ,