Aiman Hanna, Hai Zhou Ling, J. Furlong, Zhenrong Yang, M. Debbabi
{"title":"针对安全漏洞:从规范到检测(短文)","authors":"Aiman Hanna, Hai Zhou Ling, J. Furlong, Zhenrong Yang, M. Debbabi","doi":"10.1109/QSIC.2008.35","DOIUrl":null,"url":null,"abstract":"In this paper, we present a joint approach to automate software security testing using two approaches, namely team edit automata (TEA), and the security chaining approach. Team edit automata is used to formally specify the security properties to be tested. It also composes the monitoring engine of the vulnerability detection process. The security chaining approach is used to generate test-data for the purpose of proving that a vulnerability is not only present in the software being tested but it is also exploitable. The combined approach provides elements of a solution towards the automation of security testing of software.","PeriodicalId":6446,"journal":{"name":"2008 The Eighth International Conference on Quality Software","volume":"19 1","pages":"97-102"},"PeriodicalIF":0.0000,"publicationDate":"2008-08-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"Targeting Security Vulnerabilities: From Specification to Detection (Short Paper)\",\"authors\":\"Aiman Hanna, Hai Zhou Ling, J. Furlong, Zhenrong Yang, M. Debbabi\",\"doi\":\"10.1109/QSIC.2008.35\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In this paper, we present a joint approach to automate software security testing using two approaches, namely team edit automata (TEA), and the security chaining approach. Team edit automata is used to formally specify the security properties to be tested. It also composes the monitoring engine of the vulnerability detection process. The security chaining approach is used to generate test-data for the purpose of proving that a vulnerability is not only present in the software being tested but it is also exploitable. The combined approach provides elements of a solution towards the automation of security testing of software.\",\"PeriodicalId\":6446,\"journal\":{\"name\":\"2008 The Eighth International Conference on Quality Software\",\"volume\":\"19 1\",\"pages\":\"97-102\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2008-08-12\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2008 The Eighth International Conference on Quality Software\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/QSIC.2008.35\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2008 The Eighth International Conference on Quality Software","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/QSIC.2008.35","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Targeting Security Vulnerabilities: From Specification to Detection (Short Paper)
In this paper, we present a joint approach to automate software security testing using two approaches, namely team edit automata (TEA), and the security chaining approach. Team edit automata is used to formally specify the security properties to be tested. It also composes the monitoring engine of the vulnerability detection process. The security chaining approach is used to generate test-data for the purpose of proving that a vulnerability is not only present in the software being tested but it is also exploitable. The combined approach provides elements of a solution towards the automation of security testing of software.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
