liu.seSök publikationer i DiVA
Ändra sökning
RefereraExporteraLänk till posten
Permanent länk

Direktlänk
Referera
Referensformat
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • oxford
  • Annat format
Fler format
Språk
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Annat språk
Fler språk
Utmatningsformat
  • html
  • text
  • asciidoc
  • rtf
An advanced approach for modeling and detecting software vulnerabilities
Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik. Linköpings universitet, Tekniska högskolan. (ADIT)
Télécom Sud, Paris, France.
Montimage Company, Paris, France.
Linköpings universitet, Institutionen för datavetenskap, Databas och informationsteknik. Linköpings universitet, Tekniska högskolan. (ADIT)
Visa övriga samt affilieringar
2012 (Engelska)Ingår i: Information and Software Technology, ISSN 0950-5849, E-ISSN 1873-6025, Vol. 54, nr 9, s. 997-1013Artikel i tidskrift (Refereegranskat) Published
Abstract [en]

Context: Passive testing is a technique in which traces collected from the execution of a system under testare examined for evidence of flaws in the system.

Objective: In this paper we present a method for detecting the presence of security vulnerabilities bydetecting evidence of their causes in execution traces. This is a new approach to security vulnerabilitydetection.

Method: Our method uses formal models of vulnerability causes, known as security goal models and vulnerabilitydetection conditions (VDCs). The former are used to identify the causes of vulnerabilities andmodel their dependencies, and the latter to give a formal interpretation that is suitable for vulnerabilitydetection using passive testing techniques. We have implemented modeling tools for security goal modelsand vulnerability detection conditions, as well as TestInv-Code, a tool that checks execution traces ofcompiled programs for evidence of VDCs.

Results: We present the full definitions of security goal models and vulnerability detection conditions, aswell as structured methods for creating both. We describe the design and implementation of TestInv-Code. Finally we show results obtained from running TestInv-Code to detect typical vulnerabilities in severalopen source projects. By testing versions with known vulnerabilities, we can quantify the effectivenessof the approach.

Conclusion: Although the current implementation has some limitations, passive testing for vulnerabilitydetection works well, and using models as the basis for testing ensures that users of the testing tool caneasily extend it to handle new vulnerabilities.

Ort, förlag, år, upplaga, sidor
Elsevier , 2012. Vol. 54, nr 9, s. 997-1013
Nyckelord [en]
Automatic testing; Dynamic analysis; Secure software engineering; Security modelling; Software security
Nationell ämneskategori
Teknik och teknologier
Identifikatorer
URN: urn:nbn:se:liu:diva-78641DOI: 10.1016/j.infsof.2012.03.004ISI: 000306631700006OAI: oai:DiVA.org:liu-78641DiVA, id: diva2:534210
Projekt
SHIELDSFault-Tolerant and Secure Automotive Embedded SystemsTillgänglig från: 2012-06-15 Skapad: 2012-06-15 Senast uppdaterad: 2018-07-17

Open Access i DiVA

fulltext(1731 kB)2097 nedladdningar
Filinformation
Filnamn FULLTEXT01.pdfFilstorlek 1731 kBChecksumma SHA-512
f6aa85f3112182215574fa78e2ac724dc14e7b0d80ad0cb379b468647becb4203e2b66e27fd4f668465bde637a7078a49798e7e18f4b2a4dfa5fc81c0d0311fc
Typ fulltextMimetyp application/pdf

Övriga länkar

Förlagets fulltext

Person

Shahmehri, NahidByers, DavidArdi, Shanai

Sök vidare i DiVA

Av författaren/redaktören
Shahmehri, NahidByers, DavidArdi, Shanai
Av organisationen
Databas och informationsteknikTekniska högskolan
I samma tidskrift
Information and Software Technology
Teknik och teknologier

Sök vidare utanför DiVA

GoogleGoogle Scholar
Totalt: 2097 nedladdningar
Antalet nedladdningar är summan av nedladdningar för alla fulltexter. Det kan inkludera t.ex tidigare versioner som nu inte längre är tillgängliga.

doi
urn-nbn

Altmetricpoäng

doi
urn-nbn
Totalt: 439 träffar
RefereraExporteraLänk till posten
Permanent länk

Direktlänk
Referera
Referensformat
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • oxford
  • Annat format
Fler format
Språk
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Annat språk
Fler språk
Utmatningsformat
  • html
  • text
  • asciidoc
  • rtf