2023 Early Hearing Detection & Intervention Conference
March 5-7, 2023 • Cincinnati, OH
9/27/2017 | 10:25 AM - 11:10 AM | Cryptography Classes in Bugs Framework (BF): Encryption (ENC), Verification (VRF), and Key Management (KMN) | Track 1 - Cyber Security
Cryptography Classes in Bugs Framework (BF): Encryption (ENC), Verification (VRF), and Key Management (KMN)
Accurate, precise, and unambiguous definitions of software weaknesses (bugs) and clear descriptions of software vulnerabilities are vital for building the foundations of cybersecurity. The Bugs Framework (BF) comprises rigorous definitions and (static) attributes of bug classes, along with their related dynamic properties, such as proximate, secondary and tertiary causes, consequences, and sites. This paper presents an overview of previously developed BF classes and the new cryptography classes: encryption (ENC), verification (VRF), and key management (KMN). We analyze corresponding vulnerabilities and provide their clear descriptions by applying the BF taxonomy. Finally, we discuss the lessons learned and share our plans for developing next BF classes.
Presentation:
This presentation has not yet been uploaded.
Handouts:
Handout is not Available
Transcripts:
CART transcripts are NOT YET available, but will be posted shortly after the conference
Presenters/Authors
Irena Bojanova
(), NIST, irena.bojanova@nist.gov;
Irena Bojanova is a computer scientist at NIST. Previously she was a program chair at UMUC, an academic director at JHU-CTY, and a co-founder of OBS Ltd. (now CSC Bulgaria). She earned her Ph.D. in Mathematics/ Computer Science from the Bulgarian Academy of Sciences in 1991. Irena serves as Member at Large on IEEE CS Publications Board, AEIC of IEEE IT Professional, co-chair of IEEE RS IoT TC and founding member of IEEE TSC on Big Data. Irena was the founding chair of IEEE CS Cloud Computing STC and EIC of IEEE Transactions on Cloud Computing. She writes cloud and IoT blogs for IEEE CS Computing Now.
ASHA DISCLOSURE:
Financial -
Nonfinancial -
Paul E. Black
(), NIST, paul.black@nist.gov;
Paul E. Black has nearly 20 years of industrial experience in developing software for IC design and verification, assuring software quality, and managing business data processing. He is the founder and editor of the Dictionary of Algorithms and Data Structures http://www.nist.gov/dads/. Black earned a Ph.D. from Brigham Young University in 1998. He taught classes at Brigham Young University and Johns Hopkins University. He has published in static analysis, software testing, networks and queuing analysis, formal methods, software verification, quantum computing, and computer forensics. He is a member of ACM and a senior member of IEEE.
ASHA DISCLOSURE:
Financial -
Nonfinancial -
Yaacov Yesha
(), NIST, yaacov.yesha@nist.gov ;
Yaacov Yesha is a professor at the Department of Computer Science and Electrical Engineering at the University of Maryland, Baltimore County. He earned his PhD in Computer Science in 1979 from the Weizmann Institute of Science. His research interests include software assurance and cloud computing.
ASHA DISCLOSURE:
Financial -
Nonfinancial -