In the execution of method invocation sequences to test component security,abnormal or normal information is generated and recorded in a monitor log. By searching abnormal information from monitor log,the exceptions t...In the execution of method invocation sequences to test component security,abnormal or normal information is generated and recorded in a monitor log. By searching abnormal information from monitor log,the exceptions that the component has can be determined. To facilitate the searching process,string searching methods could be employed. However,current approaches are not effective enough to search long pattern string. In order to mine the specific information with less number of matches,we proposed an improved Sunday string searching algorithm in this paper. Unlike Sunday algorithm which does not make use of the already matched characters,the proposed approach presents two ideas — utilizing and recycling these characters. We take advantage of all matched characters in main string,if they are still in the matchable interval compared with pattern string,to increase the distance that pattern string moves backwards. Experimental analysis shows that,compared to Sunday algorithm,our method could greatly reduce the matching times,if the scale of character set constituting both main string and pattern string is small,or if the length of pattern string is long. Also,the proposed approach can improve the search effectiveness for abnormal information in component security testing.展开更多
Developing secure software systems is a major challenge in the software industry due to errors or weaknesses that bring vulnerabilities to the software system.To address this challenge,researchers often use the source...Developing secure software systems is a major challenge in the software industry due to errors or weaknesses that bring vulnerabilities to the software system.To address this challenge,researchers often use the source code features of vulnerabilities to improve vulnerability detection.Notwithstanding the success achieved by these techniques,the existing studies mainly focus on the conceptual description without an accurate definition of vulnerability features.In this study,we introduce a novel and efficient Memory-Related Vulnerability Detection Approach using Vulnerability Features (MRVDAVF).Our framework uses three distinct strategies to improve vulnerability detection.In the first stage,we introduce an improved Control Flow Graph (CFG) and Pointer-related Control Flow Graph (PCFG) to describe the features of some common vulnerabilities,including memory leak,doublefree,and use-after-free.Afterward,two algorithms,namely Vulnerability Judging algorithm based on Vulnerability Feature (VJVF) and Feature Judging (FJ) algorithm,are employed to detect memory-related vulnerabilities.Finally,the proposed model is validated using three test cases obtained from Juliet Test Suite.The experimental results show that the proposed approach is feasible and effective.展开更多
基金supported by National Natural Science Foundation of China (NSFC grant number:61202110,61401180 and 61502205)the Postdoctoral Science Foundation of China (Grant number:2015M571687 and 2015M581739)the Graduate Research Innovation Project of Jiangsu Province(KYLX15_1079 and KYLX16_0900)
文摘In the execution of method invocation sequences to test component security,abnormal or normal information is generated and recorded in a monitor log. By searching abnormal information from monitor log,the exceptions that the component has can be determined. To facilitate the searching process,string searching methods could be employed. However,current approaches are not effective enough to search long pattern string. In order to mine the specific information with less number of matches,we proposed an improved Sunday string searching algorithm in this paper. Unlike Sunday algorithm which does not make use of the already matched characters,the proposed approach presents two ideas — utilizing and recycling these characters. We take advantage of all matched characters in main string,if they are still in the matchable interval compared with pattern string,to increase the distance that pattern string moves backwards. Experimental analysis shows that,compared to Sunday algorithm,our method could greatly reduce the matching times,if the scale of character set constituting both main string and pattern string is small,or if the length of pattern string is long. Also,the proposed approach can improve the search effectiveness for abnormal information in component security testing.
基金funded by the National Natural Science Foundation of China(Nos.U1836116 and 61872167)the Project of Jiangsu Provincial Six Talent Peaks(No.XYDXXJS-016)the Graduate Research Innovation Project of Jiangsu Province(No.KYCX171807)。
文摘Developing secure software systems is a major challenge in the software industry due to errors or weaknesses that bring vulnerabilities to the software system.To address this challenge,researchers often use the source code features of vulnerabilities to improve vulnerability detection.Notwithstanding the success achieved by these techniques,the existing studies mainly focus on the conceptual description without an accurate definition of vulnerability features.In this study,we introduce a novel and efficient Memory-Related Vulnerability Detection Approach using Vulnerability Features (MRVDAVF).Our framework uses three distinct strategies to improve vulnerability detection.In the first stage,we introduce an improved Control Flow Graph (CFG) and Pointer-related Control Flow Graph (PCFG) to describe the features of some common vulnerabilities,including memory leak,doublefree,and use-after-free.Afterward,two algorithms,namely Vulnerability Judging algorithm based on Vulnerability Feature (VJVF) and Feature Judging (FJ) algorithm,are employed to detect memory-related vulnerabilities.Finally,the proposed model is validated using three test cases obtained from Juliet Test Suite.The experimental results show that the proposed approach is feasible and effective.