A Scalable and Accurate Hybrid Vulnerability Analysis Framework

Thome, Julian

Paper published in a book (Scientific congresses, symposiums and conference proceedings)

Thome, Julian

2015 • In Doctoral Symposium co-located with 26th IEEE International Symposium on Software Reliability Engineering (2015)

Peer reviewed

Permalink
https://hdl.handle.net/10993/21897

Files (1)Send to Details Statistics Bibliography Similar publications

Files

Full Text

doctoral-symposium.pdf

Publisher postprint (63.5 kB)

Download

All documents in ORBilu are protected by a user license.

Send to

RIS BibTex APA Chicago Permalink X Linkedin

Details

Keywords :

Software Security Assurance; Vulnerability Analysis; Program Analysis; Symbolic Execution; Constraint Solving; Machine Learning

Abstract :

[en] Software security assurance is an important process in software development that protects the sensitive data and resources contained in and controlled by the software. Addressing security vulnerabilities at an early phase could decrease the cost of addressing them in later stages by two orders of magnitude. In order to detect vulnerabilities in Web services and Web applications in a scalable and accurate manner, we aim at developing a hybrid vulnerability analysis framework which combines program analysis, symbolic execution and machine learning. We use program analysis to identify potential vulnerable execution branches within the source code for the purpose of guiding the symbolic execution along the potentially vulnerable execution paths. We also propose scalable constraint solving techniques for vulnerability analysis. To further enhance scalability and accuracy, we also apply machine learning by incorporating predictors for identifying potentially vulnerable paths of the program based on known vulnerable cases.

Research center :

SnT - Interdisciplinary Centre for Security, Reliability and Trust

Disciplines :

Computer science

Author, co-author :

Thome, Julian ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)

External co-authors :

Language :

English

Title :

A Scalable and Accurate Hybrid Vulnerability Analysis Framework

Publication date :

2015

Event name :

Doctoral Symposium co-located with 26th IEEE International Symposium on Software Reliability Engineering (2015)

Event date :

04-11-2015

Audience :

International

Main work title :

Doctoral Symposium co-located with 26th IEEE International Symposium on Software Reliability Engineering (2015)

Peer reviewed :

Peer reviewed

FnR Project :

FNR9132112 - A Scalable And Accurate Hybrid Vulnerability Analysis Framework, 2014 (01/09/2014-14/04/2018) - Julian Thomé

Name of the research project :

A Scalable and Accurate Hybrid Vulnerability Analysis Framework

Funders :

National Research Fund, Luxembourg (FNR/P10/03 and FNR9132112)

Available on ORBilu :

since 07 September 2015

Statistics

Number of views

181 (52 by Unilu)

Number of downloads

181 (9 by Unilu)

More statistics

Scopus citations^®

Scopus citations^®
without self-citations

WoS citations^™

Bibliography

A. Arora and C. Mellon, "Estimating Benefits from Investing in Secure Software Development, " vol. 265, pp. 1-12, 2005.
P. M. Perez, J. Filipiak, and J. M. Sierra, "LAPSE+ static analysis security software: Vulnerabilities detection in Java EE Applications, " Communications in Computer and Information Science, vol. 184 CCIS, no. PART 1, pp. 148-156, 2011.
A. Kiezun, V. Ganesh, P. J. Guo, P. Hooimeijer, and M. D. Ernst, "HAMPI: A solver for string constraints, " in ISSTA 2009, Proceedings of the 2009 International Symposium on Software Testing and Analysis, Chicago, IL, USA, July 21-23, 2009, pp. 105-116.
J. Thome, L. K. Shar, and L. C. Briand, "Security Slicing for Auditing XML, XPath, and SQL Injection Vulnerabilities, " ISSRE, 2015.
"Saner: Composing static and dynamic analysis to validate sanitization in web applications, " Proceedings-IEEE Symposium on Security and Privacy, pp. 387-401, 2008.
"Automatic Generation of XSS and SQL Injection Attacks with Goal-Directed Model Checking, " Symposium A Quarterly Journal In Modern Foreign Literatures, pp. 31-43, 2008.
X. Fu and C.-c. Li, "A String Constraint Solver for Detecting Web Application Vulnerability, " Proceedings of the 22nd International Conference on Software Engineering & Knowledge Engineering-SEKE2010, pp. 535-542, 2010.
"Directed symbolic execution, " Lecture Notes in Computer Science, vol. 6887 LNCS, pp. 95-111, 2011.
M. Borges, M. DAmorim, S. Anand, D. Bushnell, and C. S. Pasareanu, "Symbolic execution with interval solving and meta-heuristic search, " Proceedings-IEEE 5th International Conference on Software Testing, Verification and Validation, ICST 2012, no. 1, pp. 111-120, 2012.
C. S. Pasareanu and W. Visser, "Verification of Java Programs using Symbolic Execution and Invariant Generation."
S. Anand, C. S. Psreanu, and W. Visser, "Symbolic execution with abstract subsumption checking, " Lecture Notes in Computer Science, vol. 3925 LNCS, pp. 163-181, 2006.
P. Godefroid, "Compositional dynamic test generation, " ACM SIGPLAN Notices, vol. 42, no. 1, p. 47, 2007.
S. Anand, P. Godefroid, and N. Tillmann, "Demand-driven compositional symbolic execution, " Lecture Notes in Computer Science, vol. 4963 LNCS, pp. 367-381, 2008.
Y. Shin, A. Meneely, L. Williams, and J. a. Osborne, "Evaluating complexity, code churn, and developer activity metrics as indicators of software vulnerabilities, " IEEE Transactions on Software Engineering, vol. 37, no. 6, pp. 772-787, 2011.
S. Neuhaus, T. Zimmermann, C. Holler, and A. Zeller, "Predicting vulnerable software components, " Proceedings of the 14th ACM conference on Computer and communications security CCS 07, p. 529, 2007.
L. K. Shar and H. B. K. Tan, "Defeating SQL injection, " Computer, vol. 46, no. 3, pp. 69-77, 2013.
X. Fu, M. C. Powell, M. Bantegui, and C. C. Li, Simple linear string constraints, 2013, vol. 25, no. 6.
Y. Zheng, "Z3-str : A Z3-Based String Solver for Web Application Analysis, " Fse 2013, 29.
T. Liang, A. Reynolds, C. Tinelli, C. Barrett, and M. Deters, "A DPLL(T) theory solver for a theory of strings and regular expressions, " Lecture Notes in Computer Science, vol. 8559 LNCS, pp. 646-662, 2014.
P. Saxena, D. Akhawe, S. Hanna, F. Mao, S. McCamant, and D. Song, "A symbolic execution framework for javascript."
G. Redelinghuys, W. Visser, and J. Geldenhuys, "Symbolic execution of programs with strings, " in Proceedings of the South African Institute for Computer Scientists and Information Technologists Conference, ser. SAICSIT 12. New York, NY, USA: ACM, 2012, pp. 139-148.
L. K. Shar, H. Beng Kuan Tan, and L. C. Briand, "Mining SQL injection and cross site scripting vulnerabilities using hybrid program analysis, " Proceedings-International Conference on Software Engineering, pp. 642-651, 2013.
T. Menzies, J. Greenwald, and A. Frank, "Data mining static code attributes to learn defect predictors, " vol. 33, no. 1, pp. 2-14, 2007.