Daniel Woodraska

Learn More
Security attacks typically result from unintended behaviors or invalid inputs. Security testing is labor intensive because a real-world program usually has too many invalid inputs. It is highly desirable to automate or partially automate security-testing process. This paper presents an approach to automated generation of security tests by using formal(More)
FTP is a widely used protocol for working with remote file systems. Various FTP implementations have had security problems reported as late as 2010. There lacks a systematic analysis of FTP security. In this paper, threat models are built to provide a systematic coverage of potential security attacks against an FTP server. Security tests are then generated(More)
Security has become a priority for software development and many security testing techniques have been developed over the years. Benchmarks based on real-world systems, however, are in great demand for evaluating the vulnerability detection capability of these techniques. To develop such a benchmark, this paper presents an approach to security mutation(More)
  • 1