Vulnerability dependencies in antivirus software

Kreetta Askola, Rauli Puuperä, Pekka Pietikäinen, Juhani Eronen, Marko Laakso, Kimmo Halunen, Juha Röning

Research output: Chapter in Book/Report/Conference proceedingConference article in proceedingsScientificpeer-review

2 Citations (Scopus)

Abstract

In this paper we present an application of the MATINE method for investigating dependencies in antivirus (AV) software and some vulnerabilities arising from these dependencies. Previously, this method has been effectively used to find vulnerabilities in network protocols. Because AV software is as vulnerable as any other software and has a great security impact, we decided to use this method to find vulnerabilities in AV software. These findings may have implications to critical infrastructure, for the use of AV is often considered obligatory. The results were obtained by gathering semantic data on AV vulnerabilities, analyisis of the data and content analysis of media follow-up. The results indicate, that different aspects of AV software should be observed in the context of critical infrastructure planning and management.

Original languageEnglish
Title of host publicationProceedings - 2nd Int. Conf. on Emerging Security Information, Sys. Technol., SECURWARE 2008, Includes DEPEND 2008
Subtitle of host publication1st Int. Workshop on Dependability and Security in Complex and Critical Inf. Sys.
Pages273-278
Number of pages6
DOIs
Publication statusPublished - 17 Nov 2008
MoE publication typeA4 Article in a conference publication
Event2nd International Conference on Emerging Security Information, Systems and Technologies, SECURWARE 2008 - Cap Esterel, France
Duration: 25 Aug 200831 Aug 2008

Conference

Conference2nd International Conference on Emerging Security Information, Systems and Technologies, SECURWARE 2008
CountryFrance
CityCap Esterel
Period25/08/0831/08/08

Fingerprint

Critical infrastructures
Semantics
Network protocols
Planning

Keywords

  • Antivirus vulnerabilities
  • Dependency tracking
  • Vulnerability dependencies

Cite this

Askola, K., Puuperä, R., Pietikäinen, P., Eronen, J., Laakso, M., Halunen, K., & Röning, J. (2008). Vulnerability dependencies in antivirus software. In Proceedings - 2nd Int. Conf. on Emerging Security Information, Sys. Technol., SECURWARE 2008, Includes DEPEND 2008: 1st Int. Workshop on Dependability and Security in Complex and Critical Inf. Sys. (pp. 273-278). [4622594] https://doi.org/10.1109/SECURWARE.2008.10
Askola, Kreetta ; Puuperä, Rauli ; Pietikäinen, Pekka ; Eronen, Juhani ; Laakso, Marko ; Halunen, Kimmo ; Röning, Juha. / Vulnerability dependencies in antivirus software. Proceedings - 2nd Int. Conf. on Emerging Security Information, Sys. Technol., SECURWARE 2008, Includes DEPEND 2008: 1st Int. Workshop on Dependability and Security in Complex and Critical Inf. Sys.. 2008. pp. 273-278
@inproceedings{2bafc9da1b014916a2a04763ec5c31f2,
title = "Vulnerability dependencies in antivirus software",
abstract = "In this paper we present an application of the MATINE method for investigating dependencies in antivirus (AV) software and some vulnerabilities arising from these dependencies. Previously, this method has been effectively used to find vulnerabilities in network protocols. Because AV software is as vulnerable as any other software and has a great security impact, we decided to use this method to find vulnerabilities in AV software. These findings may have implications to critical infrastructure, for the use of AV is often considered obligatory. The results were obtained by gathering semantic data on AV vulnerabilities, analyisis of the data and content analysis of media follow-up. The results indicate, that different aspects of AV software should be observed in the context of critical infrastructure planning and management.",
keywords = "Antivirus vulnerabilities, Dependency tracking, Vulnerability dependencies",
author = "Kreetta Askola and Rauli Puuper{\"a} and Pekka Pietik{\"a}inen and Juhani Eronen and Marko Laakso and Kimmo Halunen and Juha R{\"o}ning",
year = "2008",
month = "11",
day = "17",
doi = "10.1109/SECURWARE.2008.10",
language = "English",
isbn = "9780769533292",
pages = "273--278",
booktitle = "Proceedings - 2nd Int. Conf. on Emerging Security Information, Sys. Technol., SECURWARE 2008, Includes DEPEND 2008",

}

Askola, K, Puuperä, R, Pietikäinen, P, Eronen, J, Laakso, M, Halunen, K & Röning, J 2008, Vulnerability dependencies in antivirus software. in Proceedings - 2nd Int. Conf. on Emerging Security Information, Sys. Technol., SECURWARE 2008, Includes DEPEND 2008: 1st Int. Workshop on Dependability and Security in Complex and Critical Inf. Sys.., 4622594, pp. 273-278, 2nd International Conference on Emerging Security Information, Systems and Technologies, SECURWARE 2008, Cap Esterel, France, 25/08/08. https://doi.org/10.1109/SECURWARE.2008.10

Vulnerability dependencies in antivirus software. / Askola, Kreetta; Puuperä, Rauli; Pietikäinen, Pekka; Eronen, Juhani; Laakso, Marko; Halunen, Kimmo; Röning, Juha.

Proceedings - 2nd Int. Conf. on Emerging Security Information, Sys. Technol., SECURWARE 2008, Includes DEPEND 2008: 1st Int. Workshop on Dependability and Security in Complex and Critical Inf. Sys.. 2008. p. 273-278 4622594.

Research output: Chapter in Book/Report/Conference proceedingConference article in proceedingsScientificpeer-review

TY - GEN

T1 - Vulnerability dependencies in antivirus software

AU - Askola, Kreetta

AU - Puuperä, Rauli

AU - Pietikäinen, Pekka

AU - Eronen, Juhani

AU - Laakso, Marko

AU - Halunen, Kimmo

AU - Röning, Juha

PY - 2008/11/17

Y1 - 2008/11/17

N2 - In this paper we present an application of the MATINE method for investigating dependencies in antivirus (AV) software and some vulnerabilities arising from these dependencies. Previously, this method has been effectively used to find vulnerabilities in network protocols. Because AV software is as vulnerable as any other software and has a great security impact, we decided to use this method to find vulnerabilities in AV software. These findings may have implications to critical infrastructure, for the use of AV is often considered obligatory. The results were obtained by gathering semantic data on AV vulnerabilities, analyisis of the data and content analysis of media follow-up. The results indicate, that different aspects of AV software should be observed in the context of critical infrastructure planning and management.

AB - In this paper we present an application of the MATINE method for investigating dependencies in antivirus (AV) software and some vulnerabilities arising from these dependencies. Previously, this method has been effectively used to find vulnerabilities in network protocols. Because AV software is as vulnerable as any other software and has a great security impact, we decided to use this method to find vulnerabilities in AV software. These findings may have implications to critical infrastructure, for the use of AV is often considered obligatory. The results were obtained by gathering semantic data on AV vulnerabilities, analyisis of the data and content analysis of media follow-up. The results indicate, that different aspects of AV software should be observed in the context of critical infrastructure planning and management.

KW - Antivirus vulnerabilities

KW - Dependency tracking

KW - Vulnerability dependencies

UR - http://www.scopus.com/inward/record.url?scp=55849093970&partnerID=8YFLogxK

U2 - 10.1109/SECURWARE.2008.10

DO - 10.1109/SECURWARE.2008.10

M3 - Conference article in proceedings

AN - SCOPUS:55849093970

SN - 9780769533292

SP - 273

EP - 278

BT - Proceedings - 2nd Int. Conf. on Emerging Security Information, Sys. Technol., SECURWARE 2008, Includes DEPEND 2008

ER -

Askola K, Puuperä R, Pietikäinen P, Eronen J, Laakso M, Halunen K et al. Vulnerability dependencies in antivirus software. In Proceedings - 2nd Int. Conf. on Emerging Security Information, Sys. Technol., SECURWARE 2008, Includes DEPEND 2008: 1st Int. Workshop on Dependability and Security in Complex and Critical Inf. Sys.. 2008. p. 273-278. 4622594 https://doi.org/10.1109/SECURWARE.2008.10