OSTI.GOV, U.S. Department of Energy
Office of Scientific and Technical Information

Title: Disk Usage as an Indicator of Vulnerability in Software Products.


Abstract not provided.

Publication Date:
Research Org.:
Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)
Sponsoring Org.:
USDOE National Nuclear Security Administration (NNSA)
OSTI Identifier:
Report Number(s):
DOE Contract Number:
Resource Type:
Resource Relation:
Conference: Proposed for presentation at the Intern Symposium.
Country of Publication:
United States

Citation Formats

Zhao, Hankun. Disk Usage as an Indicator of Vulnerability in Software Products. United States: N. p., 2016. Web.
Zhao, Hankun. Disk Usage as an Indicator of Vulnerability in Software Products. United States.
Zhao, Hankun. 2016. "Disk Usage as an Indicator of Vulnerability in Software Products." United States.
title = {Disk Usage as an Indicator of Vulnerability in Software Products.},
author = {Zhao, Hankun},
abstractNote = {Abstract not provided.},
doi = {},
journal = {},
number = ,
volume = ,
place = {United States},
year = 2016,
month = 7

Other availability
Please see Document Availability for additional information on obtaining the full-text document. Library patrons may search WorldCat to identify libraries that hold this conference proceeding.

  • The US Department of Energy (DOE) is currently storing several metric tons of plutonium in various forms in a variety of facilities throughout the DOE complex. Since the cessation of weapons production in 1990, many of these facilities with plutonium in storage have not operated. Since the shutdown was regarded as temporary, little attempt was made at that time to empty the process lines of plutonium, or to place the plutonium in containers or packages that would provide safe storage for extended periods of time. As a result, the packages and containers providing interim storage are vulnerable to failure through leakage, rupture and other modes, and pose potential hazards to facility workers, the public and the environment. Here, an approach to measuring and tracking the reduction in vulnerabilities resulting from stabilizing and repackaging plutonium is developed and presented. The approach utilizes results obtained by the DOE Working Group on the vulnerabilities associated with plutonium storage.
  • LAVA (the Los Alamos Vulnerability/Risk Assessment system) is an original systematic approach to risk assessment developed at the Los Alamos National Laboratory. It is an alternative to existing quantitative methods, providing an approach that is both objective and subjective, and producing results that are both quantitative and qualitative. LAVA was developed as a tool to help satisfy federal requirements for periodic vulnerability and risk assessments of a variety of systems and to satisfy the resulting need for an inexpensive, reusable, automated risk assessment tool firmly rooted in science. LAVA is a three-part systematic approach to risk assessment that can be used to model a variety of application systems such as computer security systems, communications security systems, information security systems, and others. The first part of LAVA is the mathematical model based on classical risk assessment, hierarchical multilevel system theory, decision theory, fuzzy possibility theory, expert system theory, utility theory, and cognitive science. The second part is the implementation of the mathematical risk model as a general software engine executed on a large class of personal computers. The third part is the application data sets written for a specific application system. The user of a LAVA application is not required to have knowledge of formal risk assessment techniques. All the technical expertise and specialized knowledge are built into the software engine and the application system itself. 36 refs., 5 figs.
  • While testing performed with proper experimental controls can provide scientifically quantifiable evidence that software does not contain unintentional vulnerabilities (bugs), it is insufficient to show that intentional vulnerabilities exist, and impractical to certify devices for the expected long lifetimes of use. For both of these needs, rigorous analysis of the software itself is essential. Automated software behavior computation applies rigorous static software analysis methods based on function extraction (FX) to compiled software to detect vulnerabilities, intentional or unintentional, and to verify critical functionality. This analysis is based on the compiled firmware, takes into account machine precision, and does not rely on heuristics or approximations early in the analysis.
  • The risk due to software vulnerabilities will not be completely resolved in the near future. Instead, putting reliable vulnerability measures into the hands of end-users so that informed decisions can be made regarding the relative security exposure incurred by choosing one software package over another is of importance. To that end, we propose two new security metrics, average active vulnerabilities (AAV) and vulnerability free days (VFD). These metrics capture both the speed with which new vulnerabilities are reported to vendors and the rate at which software vendors fix them. We then examine how the metrics are computed using currently available datasets and demonstrate their estimation in a simulation experiment using four different browsers as a case study. Finally, we discuss how the metrics may be used by the various stakeholders of software and to software usage decisions.
  • SAVI (Systematic Analysis of Vulnerability to Intrusion) is a new PC-based software package for modeling Physical Protection Systems (PPS). SAVI utilizes a path analysis approach based on the Adversary Sequence Diagram (ASD) methodology. A highly interactive interface allows the user to accurately model complex facilities, maintain a library of these models on disk, and calculate the most vulnerable paths through any facility. Recommendations are provided to help the user choose facility upgrades which should reduce identified path vulnerabilities. Pop-up windows throughout SAVI are used for the input and display of information. A menu at the top of the screen presents all options to the user. These options are further explained on a message line directly below the menu. A diagram on the screen graphically represents the current protection system model. All input is checked for errors, and data are presented in a logical and clear manner. Print utilities provide the user with hard copies of all information and calculated results.