Vulcloud: Scalable and Hybrid Vulnerability Detection in Cloud Computing

2013 IEEE Seventh International Conference on Software Security and Reliability Companion Pub Date : 2013-06-18 DOI:10.1109/SERE-C.2013.17

Jingzheng Wu, Y. Wu, Zhifei Wu, Mutian Yang, Yongji Wang

{"title":"Vulcloud: Scalable and Hybrid Vulnerability Detection in Cloud Computing","authors":"Jingzheng Wu, Y. Wu, Zhifei Wu, Mutian Yang, Yongji Wang","doi":"10.1109/SERE-C.2013.17","DOIUrl":null,"url":null,"abstract":"Vulnerability exploits will result in security breaches or violations of the system's security policy causing information leakage or economic losses. Although many detection methods such as static analysis, dynamic analysis and fuzz testing have been presented, the vulnerabilities are still difficult to detect. In this paper, we propose a new detection cloud service Vulcloud, which is scalable and hybrid combining the static, dynamic and fuzzing into cloud computing. Vulcloud first statically analyzes the objects and reports the potential vulnerable items. And then, the fuzzing cases for the items are semi-automated created, and tested under the dynamic monitoring. Finally, the source code of the results are statically analyzed again to determine whether they are vulnerabilities or not. The prototype of Vulcloud is implemented, and the performance is evaluated by Mplayer source code. The experiment results show that Vulcloud can detect vulnerabilities in software, and the challenges of storage and processing capabilities are resolved by cloud computing.","PeriodicalId":150535,"journal":{"name":"2013 IEEE Seventh International Conference on Software Security and Reliability Companion","volume":"38 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2013-06-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2013 IEEE Seventh International Conference on Software Security and Reliability Companion","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SERE-C.2013.17","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 4

Abstract

Vulnerability exploits will result in security breaches or violations of the system's security policy causing information leakage or economic losses. Although many detection methods such as static analysis, dynamic analysis and fuzz testing have been presented, the vulnerabilities are still difficult to detect. In this paper, we propose a new detection cloud service Vulcloud, which is scalable and hybrid combining the static, dynamic and fuzzing into cloud computing. Vulcloud first statically analyzes the objects and reports the potential vulnerable items. And then, the fuzzing cases for the items are semi-automated created, and tested under the dynamic monitoring. Finally, the source code of the results are statically analyzed again to determine whether they are vulnerabilities or not. The prototype of Vulcloud is implemented, and the performance is evaluated by Mplayer source code. The experiment results show that Vulcloud can detect vulnerabilities in software, and the challenges of storage and processing capabilities are resolved by cloud computing.

查看原文本刊更多论文

Vulcloud:云计算中的可扩展和混合漏洞检测

利用漏洞会造成安全漏洞或违反系统安全策略，造成信息泄露或经济损失。尽管已经提出了静态分析、动态分析、模糊测试等多种检测方法，但漏洞检测仍然比较困难。本文提出了一种新的检测云服务Vulcloud，它将静态、动态和模糊融合到云计算中，具有可扩展性和混合性。Vulcloud首先静态分析对象并报告潜在的易受攻击的项目。然后，对项目的模糊化用例进行半自动化创建，并在动态监控下进行测试。最后，再次对结果的源代码进行静态分析，判断其是否存在漏洞。实现了Vulcloud的原型，并利用Mplayer源代码对其性能进行了评价。实验结果表明，Vulcloud能够检测出软件中的漏洞，解决了云计算对存储和处理能力的挑战。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2013 IEEE Seventh International Conference on Software Security and Reliability Companion

自引率

0.00%

发文量