{"id":"https://openalex.org/W1505851021","doi":"https://doi.org/10.3233/jcs-2002-101-209","title":"Model-based analysis of configuration vulnerabilities1","display_name":"Model-based analysis of configuration vulnerabilities1","publication_year":2002,"publication_date":"2002-01-01","ids":{"openalex":"https://openalex.org/W1505851021","doi":"https://doi.org/10.3233/jcs-2002-101-209","mag":"1505851021"},"language":"en","primary_location":{"id":"doi:10.3233/jcs-2002-101-209","is_oa":false,"landing_page_url":"https://doi.org/10.3233/jcs-2002-101-209","pdf_url":null,"source":{"id":"https://openalex.org/S106992369","display_name":"Journal of Computer Security","issn_l":"0926-227X","issn":["0926-227X","1875-8924"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310318577","host_organization_name":"IOS Press","host_organization_lineage":["https://openalex.org/P4310318577"],"host_organization_lineage_names":["IOS Press"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Computer Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5112629679","display_name":"C. R. Ramakrishnan","orcid":null},"institutions":[{"id":"https://openalex.org/I59553526","display_name":"Stony Brook University","ror":"https://ror.org/05qghxh33","country_code":"US","type":"education","lineage":["https://openalex.org/I59553526"]},{"id":"https://openalex.org/I1327163397","display_name":"State University of New York","ror":"https://ror.org/01q1z8k08","country_code":"US","type":"education","lineage":["https://openalex.org/I1327163397"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"C.R. Ramakrishnan","raw_affiliation_strings":["Department of Computer Science, State University of New York, Stony Brook, NY 11794, USA. E-mail: cram@cs.sunysb.edu, sekar@cs.sunysb.edu"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, State University of New York, Stony Brook, NY 11794, USA. E-mail: cram@cs.sunysb.edu, sekar@cs.sunysb.edu","institution_ids":["https://openalex.org/I59553526","https://openalex.org/I1327163397"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5102886132","display_name":"R. Sekar","orcid":"https://orcid.org/0009-0008-9135-3296"},"institutions":[{"id":"https://openalex.org/I1327163397","display_name":"State University of New York","ror":"https://ror.org/01q1z8k08","country_code":"US","type":"education","lineage":["https://openalex.org/I1327163397"]},{"id":"https://openalex.org/I59553526","display_name":"Stony Brook University","ror":"https://ror.org/05qghxh33","country_code":"US","type":"education","lineage":["https://openalex.org/I59553526"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"R. Sekar","raw_affiliation_strings":["Department of Computer Science, State University of New York, Stony Brook, NY 11794, USA. E-mail: cram@cs.sunysb.edu, sekar@cs.sunysb.edu"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, State University of New York, Stony Brook, NY 11794, USA. E-mail: cram@cs.sunysb.edu, sekar@cs.sunysb.edu","institution_ids":["https://openalex.org/I59553526","https://openalex.org/I1327163397"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5102886132"],"corresponding_institution_ids":["https://openalex.org/I1327163397","https://openalex.org/I59553526"],"apc_list":null,"apc_paid":null,"fwci":9.7985,"has_fulltext":false,"cited_by_count":118,"citation_normalized_percentile":{"value":0.98747292,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":98},"biblio":{"volume":"10","issue":"1-2","first_page":"189","last_page":"209"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10142","display_name":"Formal Methods in Verification","score":0.9990000128746033,"subfield":{"id":"https://openalex.org/subfields/1703","display_name":"Computational Theory and Mathematics"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10142","display_name":"Formal Methods in Verification","score":0.9990000128746033,"subfield":{"id":"https://openalex.org/subfields/1703","display_name":"Computational Theory and Mathematics"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9983999729156494,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12423","display_name":"Software Reliability and Analysis Research","score":0.9969000220298767,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6644580364227295}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6644580364227295}],"mesh":[],"locations_count":5,"locations":[{"id":"doi:10.3233/jcs-2002-101-209","is_oa":false,"landing_page_url":"https://doi.org/10.3233/jcs-2002-101-209","pdf_url":null,"source":{"id":"https://openalex.org/S106992369","display_name":"Journal of Computer Security","issn_l":"0926-227X","issn":["0926-227X","1875-8924"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310318577","host_organization_name":"IOS Press","host_organization_lineage":["https://openalex.org/P4310318577"],"host_organization_lineage_names":["IOS Press"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Computer Security","raw_type":"journal-article"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.24.9628","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.24.9628","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"http://seclab.cs.sunysb.edu/sekar/papers/jcs.ps","raw_type":"text"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.34.1551","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.34.1551","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"http://www.cs.sunysb.edu/~cram/papers/manuscripts/vulnerability/paper.ps.gz","raw_type":"text"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.73.8491","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.73.8491","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"http://www.seclab.cs.sunysb.edu/seclab1/pubs/papers/jcs01.pdf","raw_type":"text"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.78.5300","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.78.5300","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"http://seclab.cs.sunysb.edu/seclab1/pubs/papers/jcs01.ps","raw_type":"text"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.8100000023841858,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":22,"referenced_works":["https://openalex.org/W6279871","https://openalex.org/W1483652549","https://openalex.org/W1501731334","https://openalex.org/W1503170978","https://openalex.org/W1503609498","https://openalex.org/W1503973138","https://openalex.org/W1506588809","https://openalex.org/W1522225310","https://openalex.org/W1524332517","https://openalex.org/W1550792582","https://openalex.org/W1559645909","https://openalex.org/W1593428110","https://openalex.org/W1816460274","https://openalex.org/W2034717157","https://openalex.org/W2070598037","https://openalex.org/W2093916942","https://openalex.org/W2104588447","https://openalex.org/W2115309705","https://openalex.org/W2117189826","https://openalex.org/W2169476734","https://openalex.org/W2571398649","https://openalex.org/W3144368627"],"related_works":["https://openalex.org/W2748952813","https://openalex.org/W2390279801","https://openalex.org/W2358668433","https://openalex.org/W2376932109","https://openalex.org/W2001405890","https://openalex.org/W2382290278","https://openalex.org/W2478288626","https://openalex.org/W4391913857","https://openalex.org/W2350741829","https://openalex.org/W2530322880"],"abstract_inverted_index":{"Vulnerability":[0],"analysis":[1,31,194,269],"is":[2,51,72,125,187,195,244],"concerned":[3],"with":[4,140,227],"the":[5,63,82,93,97,200,203,214,234,249,277],"problem":[6],"of":[7,41,47,62,77,115,121,166,184,199,213,224,236,270],"identifying":[8],"weaknesses":[9],"in":[10,147,197,217,233,255,276],"computer":[11],"systems":[12,272],"that":[13,65,90,110,126,190,202,230,251,261],"can":[14,55,128],"be":[15,129,274],"exploited":[16],"to":[17,29,112,131,177,188,273,284],"compromise":[18],"their":[19],"security.":[20],"In":[21],"this":[22,172,185,256],"paper":[23,157,186],"we":[24,252,259],"describe":[25],"a":[26,49,113,122,163,167,240],"new":[27],"approach":[28,37,124,160],"vulnerability":[30,237,268],"based":[32],"on":[33],"model":[34,61,71,95],"checking.":[35],"Our":[36,209],"involves:":[38],"Formal":[39],"specification":[40],"desired":[42],"security":[43,98],"properties.":[44,117],"An":[45,118],"example":[46],"such":[48,80,191,219],"property":[50],"\u201cno":[52],"ordinary":[53],"user":[54],"overwrite":[56],"system":[57,64,78,173,204,243],"log":[58],"files\u201d.An":[59],"abstract":[60,94],"captures":[66],"its":[67],"security-related":[68],"behaviors.":[69],"This":[70,137,156],"obtained":[73],"by":[74,161],"composing":[75],"models":[76,205],"components":[79],"as":[81,144,220,280],"file":[83],"system,":[84,169],"privileged":[85],"processes,":[86],"etc.A":[87],"verification":[88],"procedure":[89],"checks":[91],"whether":[92],"satisfies":[96],"properties,":[99],"and":[100,134,149,170,266],"if":[101],"not,":[102],"produces":[103],"execution":[104],"sequences":[105],"(also":[106],"called":[107],"exploit":[108,211],"scenarios)":[109],"lead":[111],"violation":[114],"these":[116],"important":[119],"benefit":[120],"model-based":[123],"it":[127],"used":[130,146],"detect":[132],"known":[133,154],"as-yet-unknown":[135],"vulnerabilities.":[136,155,180],"capability":[138],"contrasts":[139],"previous":[141],"approaches":[142],"(such":[143],"those":[145],"COPS":[148],"SATAN)":[150],"which":[151],"mainly":[152],"address":[153],"demonstrates":[158],"our":[159,262],"modelling":[162],"simplified":[164],"version":[165],"UNIX-based":[168],"analyzing":[171],"using":[174],"model-checking":[175,281],"techniques":[176,210,216,282],"identify":[178],"nontrivial":[179],"A":[181],"key":[182],"contribution":[183],"show":[189,264],"an":[192],"automated":[193,265],"feasible":[196,275],"spite":[198],"fact":[201],"are":[206,231],"infinite-state":[207],"systems.":[208],"some":[212],"latest":[215],"model-checking,":[218],"constraint-based":[221],"(implicit)":[222],"representation":[223],"state-space,":[225],"together":[226],"domain-specific":[228],"optimizations":[229],"appropriate":[232],"context":[235],"analysis.":[238],"Clearly,":[239],"realistic":[241,271],"UNIX":[242],"much":[245],"more":[246],"complex":[247],"than":[248],"one":[250],"have":[253],"modelled":[254],"paper.":[257],"Nevertheless,":[258],"believe":[260],"results":[263],"systematic":[267],"near":[278],"future,":[279],"continue":[283],"improve.":[285]},"counts_by_year":[{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":5},{"year":2022,"cited_by_count":3},{"year":2020,"cited_by_count":1},{"year":2019,"cited_by_count":2},{"year":2018,"cited_by_count":2},{"year":2017,"cited_by_count":2},{"year":2016,"cited_by_count":3},{"year":2015,"cited_by_count":2},{"year":2014,"cited_by_count":4},{"year":2013,"cited_by_count":2},{"year":2012,"cited_by_count":3}],"updated_date":"2026-04-05T17:49:38.594831","created_date":"2025-10-10T00:00:00"}