Software Engineering Institute | Carnegie Mellon University

Digital Library

Allen D. Householder
May 2016 - Podcast Threat Modeling and the Internet of Things

Topics: Vulnerability Analysis

Authors: Art Manion, Allen D. Householder

Art Manion and Allen Householder of the CERT Vulnerability Analysis team talk about threat modeling and its use in improving the security of the Internet of Things (IoT).

December 2015 - Technical Report Extending AADL for Security Design Assurance of Cyber-Physical Systems

Topics: Cyber-Physical Systems

Authors: Robert J. Ellison, Allen D. Householder, John J. Hudak, Rick Kazman, Carol Woody

This report demonstrates the viability and limitations of using the Architecture Analysis and Design Language (AADL) through an extended example that allows for specifying and analyzing the security properties of an automotive electronics system.

August 2015 - Presentation Vulnerability Coordination and Concurrency

Topics: Vulnerability Analysis

Authors: Allen D. Householder

In this talk, the presenter will describe the process of coordinating vulnerability disclosures, why it's hard, and some of the pitfalls and hidden complexities we have encountered.

August 2015 - Presentation Systemic Vulnerabilities: An Allegorical Tale of Steampunk Vulnerability to Aero-Physical Threats.

Topics: Vulnerability Analysis

Authors: Allen D. Householder

In this talk, we will trace the origin and evolution of a physical-world vulnerability that dates to the late 19th century, and explore whether "building security in" is even always an available option.

July 2015 - White Paper Comments on Bureau of Industry and Security (BIS) Proposed Rule Regarding Wassenaar Arrangement 2013 Plenary Agreements Implementation for Intrusion and Surveillance Items

Topics: Vulnerability Analysis

Authors: Allen D. Householder, Art Manion

In this paper, CERT researchers comment on the proposed rule, Wassenaar Arrangement 2013 Plenary Agreements Implementation: Intrusion and Surveillance Items.

May 2013 - White Paper Strengths in Security Solutions

Topics: Cybersecurity Engineering, Secure Coding

Authors: Arjuna Shunn (Microsoft), Carol Woody, Robert C. Seacord, Allen D. Householder

In this white paper, the authors map eight CERT tools, services, and processes to Microsoft's Simplified Security Development Lifecycle.

October 2012 - Technical Note Well There’s Your Problem: Isolating the Crash-Inducing Bits in a Fuzzed File

Topics: Vulnerability Analysis

Authors: Allen D. Householder

In this 2012 report, Allen Householder describes an algorithm for reverting bits from a fuzzed file to those found in the original seed file to recreate the crash.

August 2012 - Technical Note Probability-Based Parameter Selection for Black-Box Fuzz Testing

Topics: Vulnerability Analysis

Authors: Allen D. Householder, Jonathan M. Foote

In this report, the authors describe an algorithm for automating the selection of seed files and other parameters used in black-box fuzz testing.

January 2005 - Technical Note A Structured Approach to Classifying Security Vulnerabilities

Topics: Secure Coding, Vulnerability Analysis

Authors: Robert C. Seacord, Allen D. Householder

In this 2005 report, the authors propose a classification scheme that uses attribute-value pairs to provide a multidimensional view of vulnerabilities.

August 2002 - White Paper 2002 Tech Tip: Securing an Internet Name Server

Authors: Allen D. Householder, Brian King

The goal of this document is to discuss general name server security. However, in order to provide useful examples we have chosen to focus on BIND since it is the most commonly used software for DNS servers.

October 2001 - White Paper 2001 Tech Tip: Managing the Threat of Denial-of-Service Attacks

Topics: Vulnerability Analysis

Authors: Allen D. Householder, Art Manion, Linda Pesante

In this 2001 paper, the authors describe the then-current situation regarding denial-of-service (DOS) attacks and ways of addressing the problem.