SSVChecker: unifying static security vulnerability detection tools in an Eclipse plug-in
Authors: J. Dehlinger, Qian Feng, Lan Hu
Published in: Proceedings of the 2006 OOPSLA workshop on eclipse technology eXchange
Publication date: 2006-10-22
DOI: 10.1145/1188835.1188842 (https://doi.org/10.1145/1188835.1188842)
The increasing complexity of secure software applications has given rise to static analysis security tools to alert developers to potential security flaws within source code. However, these static security vulnerability detection tools tend to be difficult to use and are not integrated with common software development environments. The contribution of this work is SSVChecker, an Eclipse plug-in that unifies existing static security vulnerability detection tools into a powerful, intuitive tool. We make three fundamental claims for SSVChecker. First, it contains functionality not found in other static security vulnerability detection tools (e.g., union and intersection of multiple tool results). Second, the tool can adapt to the results of user-performed analysis to prevent repeatedly reporting user-dismissed security vulnerabilities. Lastly, it operates on a user-friendly, generic framework allowing for the inclusion of future static security vulnerability detection tools. To illustrate these claims, we use SSVChecker on a security-sensitive networking package. Results show the benefits of the tool in identifying potential security vulnerabilities.