http://dx.doi.org/10.3745/KIPSTC.2007.14-C.4.313

A Study on Validation Testing for Input Files of MS Word-Processor  

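Yun, Young-Min (Department of Computer Science and Statistics, Dankook University)
Choi, Jong-Cheon (Department of Information and Computer Science, Dankook University)
Yoo, Hae-Young (Department of Information and Computer Science, Dankook University)
Cho, Seong-Je (Department of Information and Computer Science, Dankook University)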
Abstract
In this paper, we propose a method for analyzing security vulnerabilities of the MS word processor by checking the validity of its input files. Specifically, the study detects vulnerabilities in the word processor's input files by analyzing the header information of those files. This validation test cannot be conducted with existing software fault injection tools, including Holodeck and CANVAS. The proposed method can also be applied to identify input file vulnerabilities of Hangul and Microsoft Excel, which take a data file with a header as input. Moreover, our method can provide a means of assessing the fault tolerance and trustworthiness of the target software.
Keywords
Input File Validation Checking; Word-Processor; Vulnerability