Towards Empirical Evaluation of Software Security Risk
Author(s)
Blessing, Jenny
Advisor
Weitzner, Daniel J.
Abstract
This thesis provides empirical metrics for different vectors for vulnerability introduction, with a particular focus on cryptographic software. Through quantitative analysis of source code and vulnerability metrics from a variety of cryptographic libraries, we arrive at a more precise notion of what types of modifications introduce a higher level of risk into a system. Empirical evidence of the causes of security risk will provide technically-grounded guidance in the ongoing policy debate over exceptional access, enabling the security community to more objectively evaluate proposed exceptional access systems.
Date issued
2021-06
Department
Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science; Massachusetts Institute of Technology. Institute for Data, Systems, and Society
Publisher
Massachusetts Institute of Technology