A synergy between static and dynamic analysis for the detection of software security vulnerabilities

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 5871 LNCS, Issue PART 2, 2009, Pages 815-832

  Hanna, Aiman ^a   Ling, Hai Zhou ^a   Yang, XiaoChun ^a   Debbabi, Mourad ^a  

^a Concordia University ^*  (Canada)

Author keywords

Dynamic analysis; Security automata; Security testing; Static analysis; Test data generation

Indexed keywords

CONTROL FLOW GRAPHS; DATA GENERATION; KEY COMPONENT; SECURITY AUTOMATA; SECURITY TESTING; SECURITY VULNERABILITIES; SOFTWARE SECURITY; STATIC ANALYZERS; STATIC AND DYNAMIC ANALYSIS; VULNERABILITY DETECTION;

DATA FLOW ANALYSIS; DETECTORS; DYNAMIC ANALYSIS; INTERNET; STATIC ANALYSIS;

SECURITY OF DATA;

EID: 78650711415     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-642-05151-7_5     Document Type: Conference Paper

References (17)

1. Build Security (access on April 29, 2009), https://buildsecurityin.us- cert.gov/daisy/bsi/home.html/
2. Securityfocus (access on February 26, 2009), http://www.securityfocus. com/bid/27796
3. Bird, D., Munoz, C.: Automatic generation of random self-checking test cases. IBM Systems J. 22(3), 229-245 (1982)
4. Boyer, R., Elspas, B., Levitt, K.: Select - a formal system for testing and debugging programs by symbolic execution. SIGPLAN Notices 10(6), 234-245 (1975)
5. Cadar, C., Engler, D.: Execution generated test cases: How to make systems code crash itself (March 2005)
6. Chakraborty, M., Chakraborty, U.: An analysis of linear ranking and binary tournament selection in genetic algorithms. In: International Conference on Information, Communications and Signal Processing. ICICS (September 1997)
7. Cigital and National Science Foundation. Genetic algorithms for software test data generation
8. Clarke, L.: A system to generate test data and symbolically execute programs. IEEE Transactions on Software Engineering 2(3), 215-222 (1976)
9. Ferguson, R., Korel, B.: The chaining approach for software test data generation. ACM Transaction on Software Engineering and Methodology 5, 63-86 (1996) (Pubitemid 126669196)
10. Godefroid, P., Klarlund, N., Sen, K.: Dart: Directed automated random testing (June 2005)
11. Hadjidj, R., Yang, X., Tlili, S., Debbabi, M.: Model-checking for software vulnerabilities detection with multi-language support (October 2008)
12. Kiefer, S., Schwoon, S., Suwimonteerabuth, D.: Moped - a model-checker for push-down systems, http://www.fmi.uni-stuttgart.de/szs/tools/moped/
13. Korel, B.: Automated software test data generation. IEEE Transactions on Software Enfineering 16(8) (August 1990)
14. Ligatti, J., Bauer, L., Walker, D.: Enforcing non-safety security policies with program monitors (January 2005)
15. Novillo, D.: Tree ssa: A new optimization infrastructure for gcc. In: Proceedings of the GCC Developers Summit3, pp. 181-193 (2003)
16. GNU Project. GCC, the GNU Compiler Collection, http://gcc.gnu.org/
17. Schneider, F.B.: Enforceable security policies. ACM Transaction of Information System Security (2000)