Xiaobing Liang, Baojiang Cui, Yin-Jun Lv, Yilun Fu
2015 9th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing. Published 2015-07-08. DOI: 10.1109/IMIS.2015.40 (https://doi.org/10.1109/IMIS.2015.40)
Research on the Collaborative Analysis Technology for Source Code and Binary Executable Based upon the Unified Defect Mode Set
Security defect detection based on source code usually relies on static analysis methods to detect security vulnerabilities in the software under test. Because static analysis does not consider the runtime information of program execution or the program's interaction with its surrounding runtime environment, it usually results in a higher false positive rate. Binary program vulnerability detection methods based upon dynamic analysis usually have a lower false positive rate, but their effectiveness depends entirely on test case generation, and their detection efficiency is lower. Moreover, research on source code vulnerability detection techniques and on binary executable vulnerability detection techniques is essentially fragmented, without considering the relationship between the two classes of methods. In order to improve the efficiency of vulnerability detection for source code and binary executables, we present a collaborative analysis method for vulnerability detection of source code and binary executables based upon the unified defect mode set, and we verify the effectiveness of our method using a concrete example in this paper.