nach oben

Wireless Personal Communications

Erschienen in:

01.08.2016

Software Vulnerability Detection Methodology Combined with Static and Dynamic Analysis

Erschienen in: Wireless Personal Communications | Ausgabe 3/2016

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Software vulnerability is the attack surface. Therefore, vulnerabilities innate in software should be detected for software security assurance. Vulnerability detection method can be divided into static vulnerability detection and dynamic vulnerability detection. Static vulnerability detection is more commonly used for vulnerability detection. This method has many benefits, but it also creates false positives. Therefore, this paper proposes a method to combine static and dynamic detection to reduce false positives created from static vulnerability detection. The proposed method verifies the vulnerability by implanting a fault, based on the information received from static code analysis.

Vorheriger Artikel A Study on the Authentication and Security of Financial Settlement Using the Finger Vein Technology in Wireless Internet Environment

Nächster Artikel A New Performance Assessment Modeling and Development of a Performance Assessment System for a Cloud Service

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

National Institute of Standards and Technology (NIST). (2014). National vulnerability database. Retrieved September 28, 2014. http://nvd.nist.gov.

Dhamankar, R., Dausin, M., Eisenbarth, M., King, J., Kandek, W., Ullrich, J., & Lee, R. (2009). The top cyber security risks. Tipping Point, Qualys, the Internet Storm Center and the SANS Institute faculty, Tech. Rep.

Gopalakrishna, R., Spafford, E., & Vitek, J. (2005). Vulnerability likelihood: A probabilistic approach to software assurance. CERIAS, Purdue Univeristy Tech. Rep, 6, 2005.

Vassilaras, S., & Yovanof, G. S. (2010). Wireless innovations as enablers for complex & dynamic artificial systems. Wireless Personal Communications, 53(3), 365–393.CrossRef

Garitano, I., Fayyad, S., & Noll, J. (2015). Multi-metrics approach for security, privacy and dependability in embedded systems. Wireless Personal Communications, 81(4), 1359–1376.CrossRef

Gladisch, A., Daher, R., & Tavangarian, D. (2014). Survey on mobility and multihoming in future internet. Wireless Personal Communications, 74(1), 45–81.CrossRef

McGraw, G. (2006). Software security: Building security in (Vol. 1). Boston: Addison-Wesley Professional.

Chess, B., & McGraw, G. (2004). Static analysis for security. IEEE Security and Privacy, 6, 76–79.CrossRef

Wheeler, D. (2006). Flawfinder home page. Web page: http://www.dwheeler.com/flawfinder.

10.

Viega, J., Bloch, J. T., Kohno, Y., & McGraw, G. (2000). ITS4: A static vulnerability scanner for C and C++ code. In Computer Security Applications, 2000. ACSAC’00. 16th Annual Conference (pp. 257–267). IEEE.

11.

Copeland, T. (2005). PMD applied. https://pmd.github.io. Accessed 19 Aug 2015.

12.

Zhang, J. (2011). A mobile agent-based tool supporting web services testing. Wireless Personal Communications, 56(1), 147–172.CrossRef

13.

Hsueh, M. C., Tsai, T. K., & Iyer, R. K. (1997). Fault injection techniques and tools. Computer, 30(4), 75–82.CrossRef

14.

Source code instrumentation overview at IBM website, http://www-01.ibm.com/support/knowledgecenter/#!/SSSHUF_8.0.0/com.ibm.rational.testrt.doc/topics/cinstruovw.html.

15.

Huang, J. C. (1978). Program instrumentation and software testing. Computer, 4, 25–32.CrossRef

16.

Introduction to instrumentation and tracing at Microsoft developer network website, https://msdn.microsoft.com/en-us/library/aa983649(VS.71).aspx.

17.

Luk, C. K., Cohn, R., Muth, R., Patil, H., Klauser, A., Lowney, G., & Hazelwood, K. (2005). Pin: Building customized program analysis tools with dynamic instrumentation. In ACM Sigplan Notices (Vol. 40, No. 6, pp. 190–200). ACM.

18.

Bala, V., Duesterwald, E., & Banerjia, S. (2000). Dynamo: A transparent dynamic optimization system. In ACM SIGPLAN Notices (Vol. 35, No. 5, pp. 1–12). ACM.

19.

Mens, T., & Van Gorp, P. (2006). A taxonomy of model transformation. Electronic Notes in Theoretical Computer Science, 152, 125–142.CrossRef

20.

Object Management Group. http://www.omg.org.

21.

Mell, P., Scarfone, K., & Romanosky, S. (2006). Common vulnerability scoring system. Security & Privacy, IEEE, 4(6), 85–89.CrossRef

22.

Balzarotti, D., Cova, M., Felmetsger, V., Jovanovic, N., Kirda, E., Kruegel, C., & Vigna, G. (2008). Saner: Composing static and dynamic analysis to validate sanitization in web applications. In Security and Privacy, 2008. SP 2008. IEEE Symposium on (pp. 387–401). IEEE.

23.

Halfond, W. G. J., Choudhary, S. R., & Orso, A. (2011). Improving penetration testing through static and dynamic analysis. Software Testing, Verification and Reliability, 21(3), 195–214.CrossRef

24.

Rawat, S., Ceara, D., Mounier, L., & Potet, M. L. (2013). Combining static and dynamic analysis for vulnerability detection. arXiv preprint arXiv:1305.3883.

25.

Eclipse. https://www.eclipse.org/.

26.

Acceleo, Eclipse plugin. http://www.eclipse.org/acceleo/.

27.

MOFM2T. http://www.omg.org/spec/MOFM2T/1.0/.

28.

Thomas, S., & Williams, L. (2007). Using automated fix generation to secure SQL statements. In Proceedings of the Third International Workshop on Software Engineering for Secure Systems (p. 9). IEEE Computer Society.

Titel: Software Vulnerability Detection Methodology Combined with Static and Dynamic Analysis
Publikationsdatum: 01.08.2016
Erschienen in: Wireless Personal Communications / Ausgabe 3/2016
Print ISSN: 0929-6212
Elektronische ISSN: 1572-834X
DOI: https://doi.org/10.1007/s11277-015-3152-1

Neuer Inhalt

Bildnachweise

VDI-Icon, Profil Icon, inhalt2, Springer Professional Modul/© Springer Fachmedien Wiesbaden GmbH, Nachhaltigkeitsaward Key Visual/© Cometis AG/Global ESG Monitor | Daniel Rupp | Generiert mit KI, Search Icon, Banner Hanser, Jonas Klose/© Pine Valley Capital GmbH, Carina Kießling von der Strategieberatung Roland Berger/© Monika Walther Fotografie | ATZ, Beijing Auto Show 2024: Deutsche Hersteller wollen angreifen./© EKH-Pictures / Generated with AI / Stock.adobe.com, Zeitschrift Wissensmanagement Cover, PatentFit-Logo/© Springer Fachmedien Wiesbaden GmbH, Zukunftswerkstatt Sales Excellence 2024/© AndreyPopov / Getty Images / iStock, 2023_Antrieb/© supervisuell, ATZ-Webinar: Prototypenfreie Entwicklung durch Offline- und Driver-in-the-Loop-HiL-Tests /© (c) VI-grade

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Technik"

Springer Professional "Wirtschaft+Technik"

Springer Professional "Wirtschaft"

Weitere Artikel der Ausgabe 3/2016

Image Selection Algorithm Proposal for Digital Radiography Training Simulator

An Economic Calibration Method for Fuel Consumption Model in HDM4

Information Security Evaluation Using Multi-Attribute Threat Index

Mining Based Urban Climate Disaster Index Service According to Potential Risk

Convergence Interaction for Communication

A New Performance Assessment Modeling and Development of a Performance Assessment System for a Cloud Service

Neuer Inhalt

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.