Yanmiao Zhang,Xiaoyu Ji,Yushi Cheng,Wenyuan Xu

DOI: https://doi.org/10.23919/ChiCC.2019.8866144

2019-01-01

Abstract:As a modern power transmission network, smart grid connects abundant terminal devices and plays an important role in our daily life. However, along with its growth are the security threats. Different from the separated environment previously, an adversary nowadays can destroy the power system by attacking its terminal devices. As a result, it's critical to ensure the security and safety of terminal devices. To achieve it, detecting the pre-existing vulnerabilities in the terminal program and enhancing its security, are of great importance and necessity. In this paper. we introduce Cker, a novel vulnerability detection tool for smart grid devices, which generates an program model based on device sources and sets rules to perform model checking. We utilize the static analysis to extract necessary information and build corresponding program models. By further checking the model with pre-defined vulnerability patterns, we achieve security detection and error reporting. The evaluation results demonstrate that our method can effectively detect vulnerabilities in smart devices with an acceptable accuracy and false positive rate. In addition, as Cker is realized by pure python. it can be easily scaled to other platforms.

Huan Ying,Yanmiao Zhang,Lifang Han,Yushi Cheng,Jiyuan Li,Xiaoyu Ji,Wenyuan Xu

DOI: https://doi.org/10.1109/ITNEC.2019.8729362

2019-01-01

Abstract:As a modern power transmission network, smart grid connects plenty of terminal devices. However, along with the growth of devices are the security threats. Different from the previous separated environment, an adversary nowadays can destroy the power system by attacking these devices. Therefore, it’s critical to ensure the security and safety of terminal devices. To achieve this goal, detecting the pre-existing vulnerabilities of the device program and enhance the terminal security, are of great importance and necessity. In this paper, we propose a novel approach that detects existing buffer-overflow vulnerabilities of terminal devices via automatic static analysis (ASA). We utilize the static analysis to extract the device program information and build corresponding program models. By further matching the generated program model with pre-defined vulnerability patterns, we achieve vulnerability detection and error reporting. The evaluation results demonstrate that our method can effectively detect buffer-overflow vulnerabilities of smart terminals with a high accuracy and a low false positive rate.

Ruoyu Zhang,Shiqiu Huang,Zhengwei Qi,Haibin Guan

DOI: https://doi.org/10.1109/IMIS.2011.59

2011-01-01

Abstract:Dynamic taint analysis has been proved to be very effective in solving security problems recently, especially in software vulnerability detection and malicious behavior prevention. Unfortunately, most of current researches in this field focus on the runtime protection, and are incapable to discover the potential threat in the software. This paper describes a novel approach to overcome the limitation of traditional dynamic taint analysis by integrating static analysis into the system and presents framework SDCF. The framework translates the binary into assembly code and tracks the data flow. Then with static method, the system can get the important information which can't be gained at runtime, such as unexecuted part of the code. When this information is acquired, they will be provided to the client tools. The practicability of the framework is validated by implementing and evaluating a tool built on SDCF. The result of the experiments shows that our system is able to detect latent software vulnerabilities efficiently.

XIA Yi-Min,LUO Jun,ZHANG Min-Xuan

DOI: https://doi.org/10.3969/j.issn.1002-137X.2006.10.074

2006-01-01

Computer Science

Abstract:Security vulnerability of software is a serious threat for information security. Static analysis can find security vulnerabilities by automatically deriving information about the behavior of software. Comparing with other program analysis methods, static analysis method can detect security vulnerabilities automatically and effectively. This paper presents the theory basis and principles of static analysis methods, and introduces their applications and characters in security vulnerabilities detection. At last, we show some security languages which can support detection of security vulnerability.

Lian Yu,Jun Zhou,Yue Yi,Jianchu Fan,Qianxiang Wang

DOI: https://doi.org/10.1109/qsic.2009.10

2009-01-01

Abstract:Static analysis works well at checking defects that clearly map to source code constructs. Model checking can find defects of deadlocks and routing loops that are not easily detected by static analysis, but faces the problem of state explosion. This paper proposes a hybrid approach to detecting security defects in programs. Fuzzy Inference System is used to infer selection among the two detection approaches. A cluster algorithm is developed to divide a large system into several clusters in order to apply model checking. Ontology based static analysis employs logic reasoning to intelligently detect the defects. We also put forwards strategies to improve performance of the static analysis. At last, we perform experiments to evaluate the accuracy and performance of the hybrid approach.

Jingling Zhao,Rulin Gong

DOI: https://doi.org/10.1109/IMIS.2015.42

2015-01-01

Abstract:Nowadays, Web applications provide us most of the Internet services, but also give birth to more and more new types of Internet applications. While, according to the developers' programming techniques and safety awareness, there are many kinds of Web application security flaws and vulnerabilities hiding in the program. So it is very important to improve their reliability and security. Usually people use code review based on static or dynamic analysis to detect security vulnerabilities, but each method has shortcomings that can't overcome easily which can result in a big number of false positives and omission. To address this issue, this paper proposed a new framework of detecting security vulnerabilities of PHP web application. In this framework, we combine dynamic and static analysis to make full use of the advantages of the two, greatly improve the efficiency of detection. An implementation based on this framework has also been completed and it will also be presented in the paper.

Jun Zhu,Jing Xie,Heather Richter Lipford,Bill Chu

DOI: https://doi.org/10.1016/j.jare.2013.11.006

IF: 12.822

2014-01-01

Journal of Advanced Research

Abstract:Many security incidents are caused by software developers’ failure to adhere to secure programming practices. Static analysis tools have been used to detect software vulnerabilities. However, their wide usage by developers is limited by the special training required to write rules customized to application-specific logic. Our approach is interactive static analysis, to integrate static analysis into Integrated Development Environment (IDE) and provide in-situ secure programming support to help developers prevent vulnerabilities during code construction. No additional training is required nor are there any assumptions on ways programs are built. Our work is motivated in part by the observation that many vulnerabilities are introduced due to failure to practice secure programming by knowledgeable developers. We implemented a prototype interactive static analysis tool as a plug-in for Java in Eclipse. Our technical evaluation of our prototype detected multiple zero-day vulnerabilities in a large open source project. Our evaluations also suggest that false positives may be limited to a very small class of use cases.

Cheng Yong,Yang Ling,Jin Wenjia,Yang Wenzhong,Wang Wei,Wang Feng,Zhou Yong

DOI: https://doi.org/10.4028/www.scientific.net/amr.403-408.2981

2011-01-01

Advanced Materials Research

Abstract:This paper proposed a method and a prototype using static analysis to detect security of computer software. There are many buffer overflow vulnerabilities in released software. It uses the static object code analysis technology to detect buffer overflow, and analysis some unsafe function to determine whether the software has some default. It compares the different results of the proposed tool and traditional buffer overflow detecting tools, the false alarm rate is less than others, false negative rate is same as others.

Yan Wu,Jingyi Su,David D. Moran,Chris D. Near

DOI: https://doi.org/10.48550/arXiv.2301.06215

2023-01-15

Software Engineering

Abstract:The mass production of complex software has made it impossible to manually test it for security vulnerabilities. Automated security testing tools come in a variety of flavors, function at various stages of software development, and target different categories of software vulnerabilities. It is great that we have a plethora of automated tools to choose from, but it is a problem that their adoption and recognition are not prominent. The purpose of this study is to explore the possibilities of existing techniques while also broadening the horizon by exploring the future of security testing tools and related techniques.

Pingyan Wang,Shaoying Liu,Ai Liu,Wen Jiang

DOI: https://doi.org/10.1016/j.jss.2023.111902

IF: 3.5

2024-02-01

Journal of Systems and Software

Abstract:Detecting security vulnerabilities is a crucial part in secure software development. Many static analysis tools have proved to be effective in finding vulnerabilities, but generally there are some complex and subtle vulnerabilities that can escape from detection. Manual audits are a complementary approach to using tools. Unfortunately, most manual analyses are tedious and error prone. To benefit from both the tools and manual audits, some approaches incorporate the auditor's expertise into a static analysis tool during vulnerability discovery. Following this strategy, this paper presents a representation of source code called a vulnerability net, which is a special Petri net that integrates with data dependence graphs and control flow graphs. The combined representation can facilitate the detection of taint-style vulnerabilities such as buffer overflows and injection vulnerabilities. We test the proposed approach on Securibench Micro and demonstrate that it has the capability to identify a variety of vulnerabilities while keeping the rates of false negatives and positives low.

computer science, theory & methods, software engineering

Ruoyu Zhang,Shiqiu Huang,Zhengwei Qi,Haibing Guan

DOI: https://doi.org/10.1016/j.camwa.2011.08.001

IF: 3.218

2012-01-01

Computers & Mathematics with Applications

Abstract:The evolution of computer science has exposed us to the growing gravity of security problems and threats. Dynamic taint analysis is a prevalent approach to protect a program from malicious behaviors, but fails to provide any information about the code which is not executed. This paper describes a novel approach to overcome the limitation of traditional dynamic taint analysis by integrating static analysis into the system and presents framework SDCF to detect software vulnerabilities with high code coverage. Our experiments show that SDCF is not only able to provide efficient runtime protection by introducing an overhead of 4.16× based on the taint tracing technique, but is also capable of discovering latent software vulnerabilities which have not been exploited, and achieve code coverage of more than 90%.

Jun Zhu,Bill Chu,Heather Richter Lipford,Tyler Thomas

DOI: https://doi.org/10.1145/2752952.2752976

2015-01-01

Abstract:ABSTRACTAccess control vulnerabilities due to programming errors have consistently ranked amongst top software vulnerabilities. Previous research efforts have concentrated on using automatic program analysis techniques to detect access control vulnerabilities in applications. We report a comparative study of six open source PHP applications, and find that implicit assumptions of previous research techniques can significantly limit their effectiveness. We propose a more effective hybrid approach to mitigate access control vulnerabilities. Developers are reminded in-situ of potential access control vulnerabilities, where self-review of code can help them discover mistakes. Additionally, developers are prompted for application-specific access control knowledge, providing samples of code that could be thought of as static analysis by example. These examples are turned into code patterns that can be used in performing static analysis to detect additional access control vulnerabilities and alert the developer to take corrective actions. Our evaluation of six open source applications detected 20 zero-day access control vulnerabilities in addition to finding all access control vulnerabilities detected in previous works.

Deguang Kong,Quan Zheng,Chao Chen,Jianmei Shuai,Ming Zhu

DOI: https://doi.org/10.4108/infoscale.2007.910

2007-01-01

Abstract:Static analysis is a kind of effective method to detect the vulnerabilities in the software. Without running the programs, static analysis tools can be used to automatically discover unknown bugs. To cope with the problem of high false positives and false negatives in source code static analysis methods, this paper presents a source code static analysis technology for vulnerability detection based on data fusion. By parsing and making data fusion on the outcome of different static analysis methods, this technology lets different results validate each other, which greatly decreases the false positives and false negatives. Brief explanations are given to support this method. A prototype system of scalable source code analysis system (ISA for short) is designed and implemented which also can automatically search for the best result based on feedback of the user interaction. The whole system is scalable and platform-independent. It is proved by experiment that this method has a better performance with lower false positives and false negatives and higher efficiency compared with one single method.

Lian Yu,Shi-Zhong Wu,Tao Guo,Guo-Wei Dong,Cheng-Cheng Wan,Yin-Hang Jing

DOI: https://doi.org/10.1007/978-3-642-25243-3_27

2011-01-01

Abstract:Static analysis technologies and tools have been widely adopted in detecting software bugs and vulnerabilities. However, traditional approaches have their limitations on extensibility and reusability due to their methodologies, and are unsuitable to describe subtle vulnerabilities under complex and unaccountable contexts. This paper proposes an approach of static analysis based on ontology model enhanced by program slicing technology for detecting software vulnerabilities. We use Ontology Web Language (OWL) to model the source code and Semantic Web Rule Language (SWRL) to describe the bug and vulnerability patterns. Program slicing criteria can be automatically extracted from the SWRL rules and adopted to slice the source code. A prototype of security vulnerability detection (SVD) tool is developed to show the validity of the proposed approach.

LI Zhen,ZOU Deqing,WANG Zeli,JIN Hai

DOI: https://doi.org/10.11959/j.issn.2096-109x.2019001

2019-01-01

Abstract:Static software vulnerability detection is mainly divided into two types according to different analysis objects: vulnerability detection for binary code and vulnerability detection for source code. Because the source code contains more semantic information, it is more favored by code auditors. The existing vulnerability detection research works for source code are summarized from four aspects: code similarity-based vulnerability detection, symbolic execution-based vulnerability detection, rule-based vulnerability detection, and machine learning-based vulnerability detection. The vulnerability detection system based on source code similarity and the intelligent software vulnerability detection system for source code are taken as two examples to introduce the process of vulnerability detection in detail.

Wei-Jun SHEN,En-Yi TANG,Zhen-Yu CHEN,Xin CHEN,Bin LI,Juan ZHAI

DOI: https://doi.org/10.13328/j.cnki.jos.005503

2018-01-01

Abstract:Vulnerability detection is an important way of improving the security of software.However,the development of the Internet makes it possible for hackers to attack software systems with new techniques.This paper focuses on a new kind of vulnerability that relates to numerical stability.It poses new threat to software security as hackers are able to bypass security protection by the new kind of vulnerability,and numerical analysis is difficult to detect such a vulnerability.In the paper,the vulnerability related to numerical stability is defined from the perspective of software behavior variation caused by numerical errors,and an automatic detection approach is proposed.The approach combines the static analysis and symbolic execution,and detects the vulnerability by three steps:symbolic extraction,static attack analysis,and dynamic attack verification with high precision values.This new approach is evaluated on a few famous open source projects.The results show that the proposed approach effectively detects the vulnerabilities related to numerical stability hidden in the real-world projects.

宁慧,文雪巍,邹韵,吴良杰

DOI: https://doi.org/10.3969/j.issn.1009-671x.2011.06.007

2011-01-01

Abstract:With the maturitg of computer technology and the application of Internet in different fields,information security is becoming more and more important.Different kinds of software vulnerability may be used by computer viruses and Trojan horses to cause different kinds of problems.Data-driven vulnerability is one of the most common and most likely to be used vulnerabilities in all of the vulnerabilities.However,the static detection now is not thorough and still has some flaws.This paper proposes a static detection algorithm based on semantic analysis to detect data-driven vulnerability.The algorithm defines lexical elements and syntax elements,and implements the detection of the semantic level for the vulnerability based on the analysis of lexical elements and syntax elements.Compared to the traditional static detection which uses the principles of a compiler,the new static detection makes a more accurate detection for data-driven vulnerability.In the end,a static detection system is designed and implemented,and is proved valid by experiment.

Zhixin Sun,Xubin Wang,Yuhua Xu

DOI: https://doi.org/10.1109/SWC57546.2023.10448993

2023-08-28

Abstract:Presently power network security attacks occur frequently, data security and privacy communication are facing a major threat, and secure data communication is imminent. Aiming at the injection attack type of Cross-site scripting attack(XSS), we analyze it and design a hybrid dynamic testing technology method. SVM is combined to build a discriminator to distinguish malignant scripts. Browser tools are used to simulate attacks and built-in script execution functions are used to continuously monitor the target attribute values and page status, dynamically discover malicious content, and improve source code security. Experiments show that this method is effective for vulnerability detection. It has low overhead in the process of implementing dynamic testing and effectively improves the accuracy of vulnerability analysis combined with static content analysis.

Computer Science

Amr Amin,Amgad Eldessouki,Menna Tullah Magdy,Nouran Abdeen,Hanan Hindy,Islam Hegazy

DOI: https://doi.org/10.3390/info10100326

2019-10-22

Information

Abstract:The security of mobile applications has become a major research field which is associated with a lot of challenges. The high rate of developing mobile applications has resulted in less secure applications. This is due to what is called the “rush to release” as defined by Ponemon Institute. Security testing—which is considered one of the main phases of the development life cycle—is either not performed or given minimal time; hence, there is a need for security testing automation. One of the techniques used is Automated Vulnerability Detection. Vulnerability detection is one of the security tests that aims at pinpointing potential security leaks. Fixing those leaks results in protecting smart-phones and tablet mobile device users against attacks. This paper focuses on building a hybrid approach of static and dynamic analysis for detecting the vulnerabilities of Android applications. This approach is capsuled in a usable platform (web application) to make it easy to use for both public users and professional developers. Static analysis, on one hand, performs code analysis. It does not require running the application to detect vulnerabilities. Dynamic analysis, on the other hand, detects the vulnerabilities that are dependent on the run-time behaviour of the application and cannot be detected using static analysis. The model is evaluated against different applications with different security vulnerabilities. Compared with other detection platforms, our model detects information leaks as well as insecure network requests alongside other commonly detected flaws that harm users’ privacy. The code is available through a GitHub repository for public contribution.

Bhargava Shastry,Fabian Yamaguchi,Konrad Rieck,Jean-Pierre Seifert

DOI: https://doi.org/10.48550/arXiv.1508.04627

2016-04-07

Abstract:Eliminating vulnerabilities from low-level code is vital for securing software. Static analysis is a promising approach for discovering vulnerabilities since it can provide developers early feedback on the code they write. But, it presents multiple challenges not the least of which is understanding what makes a bug exploitable and conveying this information to the developer. In this paper, we present the design and implementation of a practical vulnerability assessment framework, called Melange. Melange performs data and control flow analysis to diagnose potential security bugs, and outputs well-formatted bug reports that help developers understand and fix security bugs. Based on the intuition that real-world vulnerabilities manifest themselves across multiple parts of a program, Melange performs both local and global analyses. To scale up to large programs, global analysis is demand-driven. Our prototype detects multiple vulnerability classes in C and C++ code including type confusion, and garbage memory reads. We have evaluated Melange extensively. Our case studies show that Melange scales up to large codebases such as Chromium, is easy-to-use, and most importantly, capable of discovering vulnerabilities in real-world code. Our findings indicate that static analysis is a viable reinforcement to the software testing tool set.

Cryptography and Security,Programming Languages