Modeling and Pattern Matching Security Properties with Dependence Graphs
Linköping University, Department of Computer and Information Science.
2005 (English). Independent thesis, Basic level (professional degree), 20 points / 30 hp. Student thesis.
Abstract [en]

With an increasing number of computers connected to the Internet, the number of malicious attacks on computer systems also rises. The key to all successful attacks on information systems is finding a weak spot in the victim system. Some types of bugs in software can constitute such weak spots. This thesis presents and evaluates a technique for statically detecting such security-related bugs. It models the analyzed program, as well as different types of security bugs, with dependence graphs. Errors are detected by searching the program graph model for subgraphs matching security bug models.

The technique has been implemented in a prototype tool called GraphMatch. Its accuracy and performance have been measured by analyzing open source application code for missing input validation vulnerabilities. The test results show that the accuracy obtained so far is low and that the complexity of the algorithms currently used causes analysis times of several hours even for fairly small projects. Further research is needed to determine if the performance and accuracy can be improved.

Place, publisher, year, edition, pages
Institutionen för datavetenskap, 2005. 89 p.
Keyword [en]
information security, static analysis, dependence graphs, pattern matching
National Category
Computer Science
URN: urn:nbn:se:liu:diva-3956
ISRN: LITH-IDA-EX--05/067--SE
OAI: diva2:20485
Available from: 2005-09-22 Created: 2005-09-22
