Detecting Inadequate Identification Vulnerabilities Using Automaton
Inadequate identification vulnerabilities constitute a serious threat to the security of information systems because they give intruders opportunities to perform protected operations while bypassing mandatory access control. This paper focuses on the automatic detection of such vulnerabilities in software source code and proposes an automaton-based vulnerability detection method. An automaton model is used to track program states related to control flows, and security rules based on this model can be customized for specific analyses. This work adopts a top-down data flow analysis method that is flow sensitive, context sensitive and path sensitive, and thus promises more accurate program semantics and fewer false positives. The experimental results show that the proposed approach can detect inadequate identification vulnerabilities concerning inter-procedural control flow paths inside actual systems.
inadequate identification; context sensitive; path sensitive; automaton
Liyong Zhang, Xianqing Wang, Hao He, Ping Chen
Software Engineering Institute, Xidian University, Xian, China
International conference
Taiyuan
English
623-629
2011-02-26 (date first made available online on the Wanfang platform; not the publication date of the paper)