Software Vulnerability Detection Methodology Combined with Static and Dynamic Analysis

Cited by: 0
Authors
Seokmo Kim
R. Young Chul Kim
Young B. Park
Affiliations
[1] Dankook University, Department of Computer Science & Engineering
[2] Hongik University, Department of Computer Information Communication
[3] Dankook University, Department of Computer Science
Source
Wireless Personal Communications | 2016 / Volume 89
Keywords
Vulnerability; Instrumentation; Fault injection; Model-to-text transformations
DOI
None
Abstract
Software vulnerabilities form the attack surface. Therefore, vulnerabilities innate in software should be detected to assure software security. Vulnerability detection methods can be divided into static vulnerability detection and dynamic vulnerability detection. Static vulnerability detection is the more commonly used of the two. It has many benefits, but it also produces false positives. Therefore, this paper proposes a method that combines static and dynamic detection to reduce the false positives produced by static vulnerability detection. The proposed method verifies each reported vulnerability by injecting a fault, based on the information obtained from static code analysis.
Pages: 777 / 793
Page count: 16