A Synergy between Static and Dynamic Analysis for the Detection of Software Security Vulnerabilities

Cited by: 0
Authors
Hanna, Aiman [1]
Ling, Hai Zhou [1]
Yang, XiaoChun [1]
Debbabi, Mourad [1]
Affiliations
[1] Concordia Univ, Concordia Inst Informat Syst Engn, Comp Secur Lab, Montreal, PQ, Canada
Keywords
Security Automata; Security Testing; Static Analysis; Dynamic Analysis; Test-Data Generation;
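DOI
Not available
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract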
The main contribution of this paper is a framework for security testing. The key components of this framework are twofold: First, a static analyzer that automatically identifies suspicious sites of security vulnerabilities in a control flow graph. Second, a test-data generator. The intent is to attempt proving/disproving whether, or not, the suspicious sites are actual vulnerabilities. The paper introduces the static-dynamic hybrid vulnerability detection system, a system that targets the automation of security vulnerability detection in software. The system combines the detection powers of both static and dynamic analysis. Various components compose this model, namely Static Vulnerability Revealer, Goal-Path-oriented System, and Dynamic Vulnerability Detector.
Pages: 815 - 832
Page count: 18