An advanced approach for modeling and detecting software vulnerabilities
Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology. (ADIT)
Télécom Sud, Paris, France.
Montimage Company, Paris, France.
Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology. (ADIT)
2012 (English) In: Information and Software Technology, ISSN 0950-5849, Vol. 54, no 9, 997-1013 p. Article in journal (Refereed) Published
Abstract [en]

Context: Passive testing is a technique in which traces collected from the execution of a system under test are examined for evidence of flaws in the system.

Objective: In this paper we present a method for detecting the presence of security vulnerabilities by detecting evidence of their causes in execution traces. This is a new approach to security vulnerability detection.

Method: Our method uses formal models of vulnerability causes, known as security goal models and vulnerability detection conditions (VDCs). The former are used to identify the causes of vulnerabilities and model their dependencies, and the latter to give a formal interpretation that is suitable for vulnerability detection using passive testing techniques. We have implemented modeling tools for security goal models and vulnerability detection conditions, as well as TestInv-Code, a tool that checks execution traces of compiled programs for evidence of VDCs.

Results: We present the full definitions of security goal models and vulnerability detection conditions, as well as structured methods for creating both. We describe the design and implementation of TestInv-Code. Finally we show results obtained from running TestInv-Code to detect typical vulnerabilities in several open source projects. By testing versions with known vulnerabilities, we can quantify the effectiveness of the approach.

Conclusion: Although the current implementation has some limitations, passive testing for vulnerability detection works well, and using models as the basis for testing ensures that users of the testing tool can easily extend it to handle new vulnerabilities.

Place, publisher, year, edition, pages
Elsevier, 2012. Vol. 54, no 9, 997-1013 p.
Keyword [en]
Automatic testing; Dynamic analysis; Secure software engineering; Security modelling; Software security
National Category
Engineering and Technology
URN: urn:nbn:se:liu:diva-78641
DOI: 10.1016/j.infsof.2012.03.004
OAI: diva2:534210
SHIELDS
Fault-Tolerant and Secure Automotive Embedded Systems
Available from: 2012-06-15 Created: 2012-06-15 Last updated: 2012-08-30

By author/editor
Shahmehri, Nahid; Byers, David; Ardi, Shanai