Towards the automation of vulnerability detection in source code
作者: Hai Zhou Ling
DOI:
关键词:
摘要: Software vulnerability detection, which involves security property specification and verification, is essential in assuring the software security. However, process of detection labor-intensive, time-consuming error-prone if done manually. In this thesis, we present a hybrid approach, utilizes power static dynamic analysis for performing systematic way. The key contributions thesis are threefold. first, framework, supports specification, potential proposed. Second, an investigation test data generation verification conducted. Third, concept reducing to reachability introduced.
参考文章(45)
J. Bicevskis, J. Borzovs, U. Straujums, A. Zarins, E.F. Miller, SMOTL—A System to Construct Samples for Data Processing Program Debugging IEEE Transactions on Software Engineering. ,vol. SE-5, pp. 60- 66 ,(1979) , 10.1109/TSE.1979.226498
J. Heffley, P. Meunier, Can source code auditing software identify common vulnerabilities and be used to evaluate software security hawaii international conference on system sciences. ,vol. 10, pp. 90277- 90277 ,(2004) , 10.1109/HICSS.2004.1265654
C.V. Ramamoorthy, S.-B.F. Ho, W.T. Chen, On the Automated Generation of Program Test Data IEEE Transactions on Software Engineering. ,vol. SE-2, pp. 293- 300 ,(1976) , 10.1109/TSE.1976.233835
Fred B. Schneider, Enforceable security policies ACM Transactions on Information and System Security. ,vol. 3, pp. 30- 50 ,(2000) , 10.1145/353323.353382
Roger Ferguson, Bogdan Korel, The chaining approach for software test data generation ACM Transactions on Software Engineering and Methodology. ,vol. 5, pp. 63- 86 ,(1996) , 10.1145/226155.226158
N. Dershowitz, Z. Manna, Inference Rules for Program Annotation IEEE Transactions on Software Engineering. ,vol. 7, pp. 207- 222 ,(1981) , 10.1109/TSE.1981.234518
W. Miller, D.L. Spooner, Automatic Generation of Floating-Point Test Data IEEE Transactions on Software Engineering. ,vol. SE-2, pp. 223- 226 ,(1976) , 10.1109/TSE.1976.233818
J. Voas, Fault injection for the masses IEEE Computer. ,vol. 30, pp. 129- 130 ,(1997) , 10.1109/2.642820
Robert S. Boyer, Bernard Elspas, Karl N. Levitt, SELECT—a formal system for testing and debugging programs by symbolic execution ACM SIGPLAN Notices. ,vol. 10, pp. 234- 245 ,(1975) , 10.1145/390016.808445
Patrice Godefroid, Nils Klarlund, Koushik Sen, DART: directed automated random testing programming language design and implementation. ,vol. 40, pp. 213- 223 ,(2005) , 10.1145/1064978.1065036