Towards a hybrid framework for detecting input manipulation vulnerabilities

Towards a hybrid framework for detecting input manipulation vulnerabilities

Input manipulation vulnerabilities such as SQL Injection, Cross-site scripting, Buffer Overflow vulnerabilities are highly prevalent and pose critical security risks. As a result, many methods have been proposed to apply static analysis, dynamic analysis or a combination of them, to detect such secu...

全面介紹

Saved in:
書目詳細資料
Main Authors: DING, Sun, TAN, Hee Beng Kuan, SHAR, Lwin Khin, PADMANABHUNI, Bindu Madhavi
格式: text
語言:English
出版: Institutional Knowledge at Singapore Management University 2013
主題:
Vulnerability detection
framework
formal verification
prediction
data mining
input validation
specification
verification
input manipulation vulnerabilities
Information Security
Software Engineering
在線閱讀:https://ink.library.smu.edu.sg/sis_research/4837
https://ink.library.smu.edu.sg/context/sis_research/article/5840/viewcontent/Towards_a_hybrid_framework_for_detecting_input_manipulation_2013_av.pdf
標簽: 添加標簽
沒有標簽, 成為第一個標記此記錄!
機構: Singapore Management University
語言: English
實物特徵
總結:Input manipulation vulnerabilities such as SQL Injection, Cross-site scripting, Buffer Overflow vulnerabilities are highly prevalent and pose critical security risks. As a result, many methods have been proposed to apply static analysis, dynamic analysis or a combination of them, to detect such security vulnerabilities. Most of the existing methods classify vulnerabilities into safe and unsafe. They have both false-positive and false-negative cases. In general, security vulnerability can be classified into three cases: (1) provable safe, (2) provable unsafe, (3) unsure. In this paper, we propose a hybrid framework-Detecting Input Manipulation Vulnerabilities (DIMV), to verify the adequacy of security vulnerability defenses for input manipulation vulnerabilities by integrating formal verification with vulnerability prediction in a seamless way. The verification part takes into account sink predicates and effect of domain and custom specifications for detecting input manipulation vulnerabilities. Proving from specification is used as far as possible. Cases that cannot be proved are then predicted from the signatures mined. Our evaluation shows the practicality of the proposed framework.

相似書籍