
Efficient vulnerability detection based on an optimized rule-checking static analysis technique (Cited by: 2)

Abstract: Static analysis is an efficient approach for software assurance. It is indicated that its most effective usage is to perform analysis in an interactive way through the software development process, which has a high performance requirement. This paper concentrates on rule-based static analysis tools and proposes an optimized rule-checking algorithm. Our technique improves the performance of static analysis tools by filtering vulnerability rules in terms of characteristic objects before checking source files. Since a source file always contains vulnerabilities of a small part of rules rather than all, our approach may achieve better performance. To investigate our technique's feasibility and effectiveness, we implemented it in an open source static analysis tool called PMD and used it to conduct experiments. Experimental results show that our approach can obtain an average performance improvement of 28.7% compared with the original PMD. While our approach is effective and precise in detecting vulnerabilities, there is no side effect.
Source: Frontiers of Information Technology & Electronic Engineering (信息与电子工程前沿(英文版)), indexed in SCIE, EI, CSCD; 2017, Issue 3, pp. 332-345 (14 pages)
Funding: Project supported by the National High-Tech R&D Program (863) of China (No. 2013AA12A202), the National Natural Science Foundation of China (Nos. 61172173, 41501505, and 61502205), the Natural Science Foundation of Hubei Province, China (No. 2014CFB779), and the Youths Science Foundation of Wuhan Institute of Technology (No. K201546)
Keywords: Rule-based static analysis; Software quality; Software validation; Performance improvement