基于源代码模型检测的安全漏洞检测研究

2010 Third International Conference on Software Testing, Verification, and Validation Workshops Pub Date : 2010-04-06 DOI:10.1109/ICSTW.2010.23

Keqin Li

{"title":"基于源代码模型检测的安全漏洞检测研究","authors":"Keqin Li","doi":"10.1109/ICSTW.2010.23","DOIUrl":null,"url":null,"abstract":"Security in code level is an important aspect to achieve high quality software. Various security programming guidelines are defined to improve the quality of software code. At the same time, enforcing mechanisms of these guidelines are needed. In this paper, we use source code model checking technique to check whether some security programming guidelines are followed, and correspondingly to detect related security vulnerabilities. Two SAP security programming guidelines related to logging sensitive information and Cross-Site Scripting attack are used as examples. In the case studies, Bandera Tool Set is used as source code model checker, and minimizing programmers' additional effort is set as one of the goals.","PeriodicalId":117410,"journal":{"name":"2010 Third International Conference on Software Testing, Verification, and Validation Workshops","volume":"2 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2010-04-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"9","resultStr":"{\"title\":\"Towards Security Vulnerability Detection by Source Code Model Checking\",\"authors\":\"Keqin Li\",\"doi\":\"10.1109/ICSTW.2010.23\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Security in code level is an important aspect to achieve high quality software. Various security programming guidelines are defined to improve the quality of software code. At the same time, enforcing mechanisms of these guidelines are needed. In this paper, we use source code model checking technique to check whether some security programming guidelines are followed, and correspondingly to detect related security vulnerabilities. Two SAP security programming guidelines related to logging sensitive information and Cross-Site Scripting attack are used as examples. In the case studies, Bandera Tool Set is used as source code model checker, and minimizing programmers' additional effort is set as one of the goals.\",\"PeriodicalId\":117410,\"journal\":{\"name\":\"2010 Third International Conference on Software Testing, Verification, and Validation Workshops\",\"volume\":\"2 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2010-04-06\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"9\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2010 Third International Conference on Software Testing, Verification, and Validation Workshops\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICSTW.2010.23\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2010 Third International Conference on Software Testing, Verification, and Validation Workshops","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICSTW.2010.23","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 9

摘要

代码级安全是实现高质量软件的一个重要方面。为了提高软件代码的质量，定义了各种安全编程指南。同时，这些指导方针的执行机制是必要的。在本文中，我们使用源代码模型检查技术来检查是否遵循了一些安全编程准则，并相应地检测出相关的安全漏洞。本文以记录敏感信息和跨站点脚本攻击相关的两个SAP安全编程指南为例。在案例研究中，Bandera Tool Set被用作源代码模型检查器，最小化程序员的额外工作被设置为目标之一。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Towards Security Vulnerability Detection by Source Code Model Checking

Security in code level is an important aspect to achieve high quality software. Various security programming guidelines are defined to improve the quality of software code. At the same time, enforcing mechanisms of these guidelines are needed. In this paper, we use source code model checking technique to check whether some security programming guidelines are followed, and correspondingly to detect related security vulnerabilities. Two SAP security programming guidelines related to logging sensitive information and Cross-Site Scripting attack are used as examples. In the case studies, Bandera Tool Set is used as source code model checker, and minimizing programmers' additional effort is set as one of the goals.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2010 Third International Conference on Software Testing, Verification, and Validation Workshops

自引率

0.00%

发文量