WANG Chun-lei,LIU Qiang,ZHAO Gang,DAI Yi-qi

DOI: https://doi.org/10.3969/j.issn.1002-137X.2010.04.031

2010-01-01

Computer Science

Abstract:In order to analyze vulnerabilities in executable programs,a vulnerability analysis framework for binaries based upon model checking was proposed.Firstly,the abstract model of binary was defined,and the formal models of vulnerabilities based upon finite state automaton and the representations of software security attributes based upon event system were described.Then,the model checking based vulnerability analysis process and algorithm were proposed with respect to the abstract models of binaries and the security attributes to be checked.After that,the prototype of vulnerability analysis tool was designed and implemented based upon the framework.The illustrative sample program was analyzed to show in detail the principles of the framework,and the experimental results show the effectiveness of the analysis method.

Yanmiao Zhang,Xiaoyu Ji,Yushi Cheng,Wenyuan Xu

DOI: https://doi.org/10.23919/ChiCC.2019.8866144

2019-01-01

Abstract:As a modern power transmission network, smart grid connects abundant terminal devices and plays an important role in our daily life. However, along with its growth are the security threats. Different from the separated environment previously, an adversary nowadays can destroy the power system by attacking its terminal devices. As a result, it's critical to ensure the security and safety of terminal devices. To achieve it, detecting the pre-existing vulnerabilities in the terminal program and enhancing its security, are of great importance and necessity. In this paper. we introduce Cker, a novel vulnerability detection tool for smart grid devices, which generates an program model based on device sources and sets rules to perform model checking. We utilize the static analysis to extract necessary information and build corresponding program models. By further checking the model with pre-defined vulnerability patterns, we achieve security detection and error reporting. The evaluation results demonstrate that our method can effectively detect vulnerabilities in smart devices with an acceptable accuracy and false positive rate. In addition, as Cker is realized by pure python. it can be easily scaled to other platforms.

XU You-fu,WEN Wei-ping,WAN Zheng-su

DOI: https://doi.org/10.3969/j.issn.1671-1122.2011.08.026

2011-01-01

Abstract:The paper though studying automata theory, proposed a vulnerability-based model checking Mining vulnerability theory, as the bulk discover unknown vulnerabilities to provide a theoretical basis.

Haibin Shen,Jimin Wang,Lingdi Ping,Kang Sun

DOI: https://doi.org/10.1007/11689522_32

2006-01-01

Abstract:Flexible features of C can be misused and result in potential vulnerabilities which are hard to detect by performing only static checking. Existing tools either give up run-time type checking or employ a type system whose granularity is too coarse (it does not differentiate between pointer types) so that many errors may go undetected. This paper presents a dynamic checking approach to conquer them. A type system that is based on the physical layout of data types and has the proper granularity has been employed. Rules for propagating dynamic types and checking for compatibility of types during execution of the target program are also set up. Then a model of dynamic type checking on this type system to capture run-time type errors is built. Experimental results show that it can catch most errors, including those may become system vulnerabilities and the overhead is moderate.

Zhi-yuan WAN,Bo ZHOU

DOI: https://doi.org/10.3785/j.issn.1008-973x.2015.04.011

2015-01-01

Abstract:An approach based on static information flow tracking was proposed to detect input validation vulnerabilities in order to reduce the false positive rate of vulnerability detection techniques based on static analysis.The approach was implemented on top of the static code analysis tool FindBugs.The performance and precision of our approach were evaluated.Experimental results show that our approach can effectively detect input validation vulnerabilities.The false positive rate of FindBugs was reduced by 55.7% without significantly slowing the performance.

Lian Yu,Shi-Zhong Wu,Tao Guo,Guo-Wei Dong,Cheng-Cheng Wan,Yin-Hang Jing

DOI: https://doi.org/10.1007/978-3-642-25243-3_27

2011-01-01

Abstract:Static analysis technologies and tools have been widely adopted in detecting software bugs and vulnerabilities. However, traditional approaches have their limitations on extensibility and reusability due to their methodologies, and are unsuitable to describe subtle vulnerabilities under complex and unaccountable contexts. This paper proposes an approach of static analysis based on ontology model enhanced by program slicing technology for detecting software vulnerabilities. We use Ontology Web Language (OWL) to model the source code and Semantic Web Rule Language (SWRL) to describe the bug and vulnerability patterns. Program slicing criteria can be automatically extracted from the SWRL rules and adopted to slice the source code. A prototype of security vulnerability detection (SVD) tool is developed to show the validity of the proposed approach.

Anil Kumar Karna,Yuting Chen,Haibo Yu,Hao Zhong,Jianjun Zhao

DOI: https://doi.org/10.1007/s11704-016-6192-0

IF: 2.6688

2018-04-27

Frontiers of Computer Science

Abstract:Model checking is a formal verification technique. It takes an exhaustively strategy to check hardware circuits and network protocols against desired properties. Having been developed for more than three decades, model checking is now playing an important role in software engineering for verifying rather complicated software artifacts.This paper surveys the role of model checking in software engineering. In particular, we searched for the related literatures published at reputed conferences, symposiums, workshops, and journals, and took a survey of (1) various model checking techniques that can be adapted to software development and their implementations, and (2) the use of model checking at different stages of a software development life cycle. We observed that model checking is useful for software debugging, constraint solving, and malware detection, and it can help verify different types of software systems, such as object- and aspect-oriented systems, service-oriented applications, web-based applications, and GUI applications including safety- and mission-critical systems.The survey is expected to help human engineers understand the role of model checking in software engineering, and as well decide which model checking technique(s) and/or tool(s) are applicable for developing, analyzing and verifying a practical software system. For researchers, the survey also points out how model checking has been adapted to their research topics on software engineering and its challenges.

computer science, information systems, theory & methods, software engineering

Jun Zhu,Bill Chu,Heather Richter Lipford,Tyler Thomas

DOI: https://doi.org/10.1145/2752952.2752976

2015-01-01

Abstract:ABSTRACTAccess control vulnerabilities due to programming errors have consistently ranked amongst top software vulnerabilities. Previous research efforts have concentrated on using automatic program analysis techniques to detect access control vulnerabilities in applications. We report a comparative study of six open source PHP applications, and find that implicit assumptions of previous research techniques can significantly limit their effectiveness. We propose a more effective hybrid approach to mitigate access control vulnerabilities. Developers are reminded in-situ of potential access control vulnerabilities, where self-review of code can help them discover mistakes. Additionally, developers are prompted for application-specific access control knowledge, providing samples of code that could be thought of as static analysis by example. These examples are turned into code patterns that can be used in performing static analysis to detect additional access control vulnerabilities and alert the developer to take corrective actions. Our evaluation of six open source applications detected 20 zero-day access control vulnerabilities in addition to finding all access control vulnerabilities detected in previous works.

Jacob A. Harer,Louis Y. Kim,Rebecca L. Russell,Onur Ozdemir,Leonard R. Kosta,Akshay Rangamani,Lei H. Hamilton,Gabriel I. Centeno,Jonathan R. Key,Paul M. Ellingwood,Erik Antelman,Alan Mackay,Marc W. McConley,Jeffrey M. Opper,Peter Chin,Tomo Lazovich

DOI: https://doi.org/10.48550/arXiv.1803.04497

2018-02-14

Software Engineering

Abstract:Thousands of security vulnerabilities are discovered in production software each year, either reported publicly to the Common Vulnerabilities and Exposures database or discovered internally in proprietary code. Vulnerabilities often manifest themselves in subtle ways that are not obvious to code reviewers or the developers themselves. With the wealth of open source code available for analysis, there is an opportunity to learn the patterns of bugs that can lead to security vulnerabilities directly from data. In this paper, we present a data-driven approach to vulnerability detection using machine learning, specifically applied to C and C++ programs. We first compile a large dataset of hundreds of thousands of open-source functions labeled with the outputs of a static analyzer. We then compare methods applied directly to source code with methods applied to artifacts extracted from the build process, finding that source-based models perform better. We also compare the application of deep neural network models with more traditional models such as random forests and find the best performance comes from combining features learned by deep models with tree-based models. Ultimately, our highest performing model achieves an area under the precision-recall curve of 0.49 and an area under the ROC curve of 0.87.

LIU Bo,WEN Wei-ping,SUN Hui-ping,QING Si-han

DOI: https://doi.org/10.3969/j.issn.1671-1122.2009.05.013

2009-01-01

Abstract:With the increasing harmfulness of software vulnerability, identifying potential vulnerabilities in software has become the focus of security research. The current analysis method can be roughly divided into two categories: static analysis and dynamic analysis. This paper presents an idea based on open source static analysis tool BugScam. First, set up vulnerability model. Then, map the model to program and begin vulnerability analysis. We classified vulnerability model to function model and logic model and research the corresponding relationship between model and program. Finally, we give an introduction of our improved automatic vulnerability analysis tool ClearBug. The experiment results show that our tool can effectively find out some software vulnerability.

Lu Chen,Jian Jiao,Jiping Fan,Fuchun Ren

DOI: https://doi.org/10.1109/rams.2016.7447978

2016-01-01

Abstract:Fault propagation identification is an indispensable task in complex system safety analysis. With the growing of system scale and complexity, it is hard for the traditional safety analysis techniques, which depend mainly on analysts' personal skills and experiences, to keep completeness and timeliness; moreover, some failure modes may be neglected and failure effects misjudged during the analysis. Formal science provides a new way to solve this problem, where formal verification method such as model checking can automatically validate whether the system design satisfies the given safety requirements, which can reduce an analysts' repetitive work and design cost, and improve the efficiency and quality of safety analysis. However, there is lack of a deliberate and reasonable way to build system models because of the diversity and flexibility of languages used for model checking, which results in that it is difficult to specify and model system quickly and accurately, and leads to some deviation in model checking. In this paper, a system modeling and safety property specifying approach using symbolic language SMV is proposed, including guidance on the mapping relationships between the formal language elements and system functions, architecture and failure modes; moreover, how to define system specifications and safety requirements using temporal logic formulas is discussed as well. Finally, a case study about airborne system safety analysis is provided, in which the counter-examples that do not meet system specifications can be identified automatically using model checker NuSMV to find out fault events and their propagation that can result in accidents.

Ming Huang,Yisha Lu,Qingkai Zeng

2010-01-01

Abstract:As the core of various security problems, software vulnerability is the main challenge in the information security field. Particularly, software vulnerability modeling is an actively defensive measure for software security, aiming to detect and eliminate the potential vulnerabilities before they have been exploited. In this paper, a structured and graphic method for modeling vulnerability is proposed. The method combines the advantages of existing methods to depict and reason about security vulnerabilities, which would be useful for a better understanding of the nature of vulnerabilities, and become an effective way to detect and prevent the software vulnerabilities. The practical application result shows that GSM could reveal some related information and properties that existing methods cannot find in the vulnerability databases in public.

Lingyun Situ,Liang Zou,Linzhang Wang,Yang Liu,Bing Mao,Xuandong Li

DOI: https://doi.org/10.1145/3183440.3194949

2018-01-01

Abstract:Missing check for untrusted input used in security-sensitive operations is one of the major causes of various serious vulnerabilities. Thus, efficiently detecting missing checks for realistic software is essential for identify insufficient attack protections. We propose a systematic static approach to detect missing checks in C/C++ programs. An automated and cross-platform tool named Vanguard was implemented on top of Clang/LLVM 3.6.0. And experimental results have shown its effectiveness and efficiency.

Wei-Jun SHEN,En-Yi TANG,Zhen-Yu CHEN,Xin CHEN,Bin LI,Juan ZHAI

DOI: https://doi.org/10.13328/j.cnki.jos.005503

2018-01-01

Abstract:Vulnerability detection is an important way of improving the security of software.However,the development of the Internet makes it possible for hackers to attack software systems with new techniques.This paper focuses on a new kind of vulnerability that relates to numerical stability.It poses new threat to software security as hackers are able to bypass security protection by the new kind of vulnerability,and numerical analysis is difficult to detect such a vulnerability.In the paper,the vulnerability related to numerical stability is defined from the perspective of software behavior variation caused by numerical errors,and an automatic detection approach is proposed.The approach combines the static analysis and symbolic execution,and detects the vulnerability by three steps:symbolic extraction,static attack analysis,and dynamic attack verification with high precision values.This new approach is evaluated on a few famous open source projects.The results show that the proposed approach effectively detects the vulnerabilities related to numerical stability hidden in the real-world projects.

Junyan Qian,Baowen Xu,Yingzhou Zhang

2007-01-01

Journal of Computational Information Systems

Abstract:Model checking is an automatic formal verification technique for a finite state system. Iterative abstraction refinement has emerged recently as the leading approach to software model checking. We present a methodology for automatically verifying programs against safety specifications based on finite state machine. As the first step, an initial abstract model is automatically extracted from source code using predicate abstraction and theorem proving. In order to reduce time complexities of this process, we partition the set of candidate predicates into subsets, and then construct abstract model independently.

Zhidong Shen,Si Chen

DOI: https://doi.org/10.1155/2020/8858010

IF: 1.968

2020-09-29

Security and Communication Networks

Abstract:Open source software has been widely used in various industries due to its openness and flexibility, but it also brings potential software security problems. Together with the large-scale increase in the number of software and the increase in complexity, the traditional manual methods to deal with these security issues are inefficient and cannot meet the current cyberspace security requirements. Therefore, it is an important research topic for researchers in the field of software security to develop more intelligent technologies to apply to potential security issues in software. The development of deep learning technology has brought new opportunities for the study of potential security issues in software, and researchers have successively proposed many automation methods. In this paper, these automation technologies are evaluated and analysed in detail from three aspects: software vulnerability detection, software program repair, and software defect prediction. At the same time, we point out some problems of these research methods, give corresponding solutions, and finally look forward to the application prospect of deep learning technology in automated software vulnerability detection, automated program repair, and automated defect prediction.

computer science, information systems,telecommunications

JiaJing Li,Tao Wei,Jian Mao

2007-01-01

Abstract:Two research results of temporal vulnerabilities in x86 executables were giveded. First two new models of temporal vulnerabilities were presented; secondly a method of building pushdown automata for executables was given. Experiments showed the method was effective to verify and find temporal vulnerabilities in x86 executables.

Kaled Alshmrany,Lucas Cordeiro

DOI: https://doi.org/10.48550/arXiv.2001.09592

2020-01-27

Cryptography and Security

Abstract:Implementations of network protocols are often prone to vulnerabilities caused by developers' mistakes when accessing memory regions and dealing with arithmetic operations. Finding practical approaches for checking the security of network protocol implementations has proven to be a challenging problem. The main reason is that the protocol software state-space is too large to be explored. Here we propose a novel verification approach that combines fuzzing with symbolic execution to verify intricate properties in network protocol implementations. We use fuzzing for an initial exploration of the network protocol, while symbolic execution explores both the program paths and protocol states, which were uncovered by fuzzing. From this combination, we automatically generate high-coverage test input packets for a network protocol implementation. We surveyed various approaches based on fuzzing and symbolic execution to understand how these techniques can be effectively combined and then choose a suitable tool to develop further our model on top of it. In our preliminary evaluation, we used ESBMC, Map2Check, and KLEE as software verifiers and SPIKE as fuzzer to check their suitability to verify our network protocol implementations. Our experimental results show that ESBMC can be further developed within our verification framework called \textit{FuSeBMC}, to efficiently and effectively detect intricate security vulnerabilities in network protocol implementations.

Ruirui Chen,Yusheng Liu,Jianjun Zhao,Xiaoping Ye

DOI: https://doi.org/10.1002/sys.21470

IF: 2.034

2018-08-24

Systems Engineering

Abstract:Increasing complexity of mechatronic products leads to more challenging designs. As the most important stage, system design determines the overall product architecture. Defects in this stage are difficult to rectify in future stages, thus requiring greater model accuracy. With the development of model‐based systems engineering (MBSE), model verification can detect design defects, reduce development costs, improve development efficiency, and ensure system reliability. Currently, conventional verifications are performed only after design processes, which makes it difficult to make systematic modifications. To solve this problem, a model verification method implemented in the design stage is proposed in this study. Using this method, designers are able to detect defects earlier, thereby reducing modification costs. The proposed method is as follows: first, a language named Relation‐based Modeling for Static Properties (RMSP) is proposed to formalize the static properties of requirements; second, the representation of “Conceptual Graphs” is extended to meet the needs of model verification of mechatronic products; finally, requirements in RMSP and system design in Systems Modeling Language (SysML) are transformed into the Extension of Conceptual Graphs. In this manner, the incorrectness and inconsistencies between requirements and system design can be found through projection in the system design stage. The omitted or improperly designed requirement items would be found and redesigned to fulfill the product requirements.

engineering, industrial,operations research & management science

Ling-Yun Situ,Lin-Zhang Wang,Yang Liu,Bing Mao,Xuan-Dong Li

DOI: https://doi.org/10.1007/s11390-019-1955-3

IF: 1.871

2019-01-01

Journal of Computer Science and Technology

Abstract:Missing checks for untrusted inputs used in security-sensitive operations is one of the major causes of various vulnerabilities. Efficiently detecting and repairing missing checks are essential for prognosticating potential vulnerabilities and improving code reliability. We propose a systematic static analysis approach to detect missing checks for manipulable data used in security-sensitive operations of C/C++ programs and recommend repair references. First, customized securitysensitive operations are located by lightweight static analysis. Then, the assailability of sensitive data used in securitysensitive operations is determined via taint analysis. And, the existence and the risk degree of missing checks are assessed. Finally, the repair references for high-risk missing checks are recommended. We implemented the approach into an automated and cross-platform tool named Vanguard based on Clang/LLVM 3.6.0. Large-scale experimental evaluation on open-source projects has shown its effectiveness and efficiency. Furthermore, Vanguard has helped us uncover five known vulnerabilities and 12 new bugs.