Source Code Vulnerabilities Detection Using Loosely Coupled Data and Control Flows

2019 21st International Symposium on Symbolic and Numeric Algorithms for Scientific Computing (SYNASC) Pub Date : 2019-09-01 DOI:10.1109/SYNASC49474.2019.00016

Sergiu Zaharia, Traian Rebedea, Stefan Trausan-Matu

{"title":"Source Code Vulnerabilities Detection Using Loosely Coupled Data and Control Flows","authors":"Sergiu Zaharia, Traian Rebedea, Stefan Trausan-Matu","doi":"10.1109/SYNASC49474.2019.00016","DOIUrl":null,"url":null,"abstract":"Applications are one of the most used attack surfaces, and they must be secured at source code level, early in the development phase. Static Analysis Security Testing solutions, able to detect vulnerabilities in source code are limited to the most used programming languages and development frameworks. The proposed method consists of a security scanning solution based on an Intermediate Representation of source code which is loosely coupled with the programming language structure and to the data flow, preserving at the same time the security vulnerability patterns. The ability to identify vulnerable source code snippets in the Intermediate Representation of the original source code is the core idea for this research project. Using loosely coupled control flows and data flows representations of the original source code enables the development of new security scanners, which in the future will be able to evaluate applications written in new and exotic languages.","PeriodicalId":102054,"journal":{"name":"2019 21st International Symposium on Symbolic and Numeric Algorithms for Scientific Computing (SYNASC)","volume":"54 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 21st International Symposium on Symbolic and Numeric Algorithms for Scientific Computing (SYNASC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SYNASC49474.2019.00016","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 2

Abstract

Applications are one of the most used attack surfaces, and they must be secured at source code level, early in the development phase. Static Analysis Security Testing solutions, able to detect vulnerabilities in source code are limited to the most used programming languages and development frameworks. The proposed method consists of a security scanning solution based on an Intermediate Representation of source code which is loosely coupled with the programming language structure and to the data flow, preserving at the same time the security vulnerability patterns. The ability to identify vulnerable source code snippets in the Intermediate Representation of the original source code is the core idea for this research project. Using loosely coupled control flows and data flows representations of the original source code enables the development of new security scanners, which in the future will be able to evaluate applications written in new and exotic languages.

查看原文本刊更多论文

使用松散耦合数据和控制流的源代码漏洞检测

应用程序是最常用的攻击面之一，必须在开发阶段的早期在源代码级别对它们进行保护。静态分析安全测试解决方案，能够检测源代码中的漏洞，仅限于最常用的编程语言和开发框架。该方法是一种基于源代码中间表示的安全扫描方案，该方案与编程语言结构和数据流松散耦合，同时保留了安全漏洞模式。在原始源代码的中间表示中识别易受攻击的源代码片段的能力是本研究项目的核心思想。使用松散耦合的控制流和原始源代码的数据流表示支持开发新的安全扫描器，这些扫描器将来将能够评估用新的和外来语言编写的应用程序。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2019 21st International Symposium on Symbolic and Numeric Algorithms for Scientific Computing (SYNASC)

自引率

0.00%

发文量