A framework based security-knowledge database for vulnerabilities detection of business logic
This paper presents a framework for detecting business logic vulnerabilities in the software design phase. First, the business logic in the design phase is modeled as a finite state machine, and the relevant business processes are extracted from the model. Next, the degree of similarity between attack patterns and the business processes is calculated. This determines whether the business logic contains vulnerabilities, and a threat analysis report is generated. Finally, focusing on the business logic of user registration in a web application, we model it as an FSA and then run detection on the model. By analyzing the detection result, we conclude that the approach is correct and effective and can improve software security and reliability.
Xiaohong Li, Guozhu Meng, Zhiyong Feng, Xu Li, Dong Pan
School of Computer Science and Technology, Tianjin University, Tianjin, China
International conference
Wuhan
English
292-297
2010-05-10 (date first made available online on the Wanfang platform; does not represent the paper's publication date)