Applying dataflow analysis to detecting software vulnerability
- Title
- Applying dataflow analysis to detecting software vulnerability
- Author
- 도경구
- Keywords
- Dataflow analysis; Software vulnerability; Static analysis
- Issue Date
- 2008-02
- Publisher
- IEEE
- Citation
- 2008 10th International Conference on Advanced Communication Technology, Page. 255-258
- Abstract
- In this paper, we propose a software vulnerability
checker which takes rules describing vulnerability patterns and a
source program as input and detects locations and paths of the patterns
in the program. Simple and flow patterns for vulnerabilities
are described as rules in the specification language we designed. The
lightweight control and data flow analysis is necessary to detect flow
patterns. Newly discovered vulnerability patterns can easily be added
to the existing rules. We implement the detector in three parts: a pattern
matcher which finds locations of vulnerabilities in source program,
a flow graph constructor which extracts the control flow and
data flow from the program, and a flow analyzer which finds program’s
vulnerable execution paths.
- URI
- https://ieeexplore.ieee.org/document/4493756https://repository.hanyang.ac.kr/handle/20.500.11754/104319
- ISSN
- 1738-9445
- DOI
- 10.1109/ICACT.2008.4493756
- Appears in Collections:
- COLLEGE OF COMPUTING[E](소프트웨어융합대학) > COMPUTER SCIENCE(소프트웨어학부) > Articles
- Files in This Item:
There are no files associated with this item.
- Export
- RIS (EndNote)
- XLS (Excel)
- XML