Towards a hybrid framework for detecting input manipulation vulnerabilities
Input manipulation vulnerabilities such as SQL Injection, Cross-site scripting, Buffer Overflow vulnerabilities are highly prevalent and pose critical security risks. As a result, many methods have been proposed to apply static analysis, dynamic analysis or a combination of them, to detect such secu...
Saved in:
| Main Authors: | , , , |
|---|---|
| Format: | text |
| Language: | English |
| Published: |
Institutional Knowledge at Singapore Management University
2013
|
| Subjects: | |
| Online Access: | https://ink.library.smu.edu.sg/sis_research/4837 https://ink.library.smu.edu.sg/context/sis_research/article/5840/viewcontent/Towards_a_hybrid_framework_for_detecting_input_manipulation_2013_av.pdf |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Singapore Management University |
| Language: | English |
| id |
sg-smu-ink.sis_research-5840 |
|---|---|
| record_format |
dspace |
| spelling |
sg-smu-ink.sis_research-58402020-05-04T01:58:55Z Towards a hybrid framework for detecting input manipulation vulnerabilities DING, Sun TAN, Hee Beng Kuan SHAR, Lwin Khin PADMANABHUNI, Bindu Madhavi Input manipulation vulnerabilities such as SQL Injection, Cross-site scripting, Buffer Overflow vulnerabilities are highly prevalent and pose critical security risks. As a result, many methods have been proposed to apply static analysis, dynamic analysis or a combination of them, to detect such security vulnerabilities. Most of the existing methods classify vulnerabilities into safe and unsafe. They have both false-positive and false-negative cases. In general, security vulnerability can be classified into three cases: (1) provable safe, (2) provable unsafe, (3) unsure. In this paper, we propose a hybrid framework-Detecting Input Manipulation Vulnerabilities (DIMV), to verify the adequacy of security vulnerability defenses for input manipulation vulnerabilities by integrating formal verification with vulnerability prediction in a seamless way. The verification part takes into account sink predicates and effect of domain and custom specifications for detecting input manipulation vulnerabilities. Proving from specification is used as far as possible. Cases that cannot be proved are then predicted from the signatures mined. Our evaluation shows the practicality of the proposed framework. 2013-12-01T08:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/4837 info:doi/10.1109/APSEC.2013.56 https://ink.library.smu.edu.sg/context/sis_research/article/5840/viewcontent/Towards_a_hybrid_framework_for_detecting_input_manipulation_2013_av.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Vulnerability detection framework formal verification prediction data mining input validation specification verification input manipulation vulnerabilities Information Security Software Engineering |
| institution |
Singapore Management University |
| building |
SMU Libraries |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
SMU Libraries |
| collection |
InK@SMU |
| language |
English |
| topic |
Vulnerability detection framework formal verification prediction data mining input validation specification verification input manipulation vulnerabilities Information Security Software Engineering |
| spellingShingle |
Vulnerability detection framework formal verification prediction data mining input validation specification verification input manipulation vulnerabilities Information Security Software Engineering DING, Sun TAN, Hee Beng Kuan SHAR, Lwin Khin PADMANABHUNI, Bindu Madhavi Towards a hybrid framework for detecting input manipulation vulnerabilities |
| description |
Input manipulation vulnerabilities such as SQL Injection, Cross-site scripting, Buffer Overflow vulnerabilities are highly prevalent and pose critical security risks. As a result, many methods have been proposed to apply static analysis, dynamic analysis or a combination of them, to detect such security vulnerabilities. Most of the existing methods classify vulnerabilities into safe and unsafe. They have both false-positive and false-negative cases. In general, security vulnerability can be classified into three cases: (1) provable safe, (2) provable unsafe, (3) unsure. In this paper, we propose a hybrid framework-Detecting Input Manipulation Vulnerabilities (DIMV), to verify the adequacy of security vulnerability defenses for input manipulation vulnerabilities by integrating formal verification with vulnerability prediction in a seamless way. The verification part takes into account sink predicates and effect of domain and custom specifications for detecting input manipulation vulnerabilities. Proving from specification is used as far as possible. Cases that cannot be proved are then predicted from the signatures mined. Our evaluation shows the practicality of the proposed framework. |
| format |
text |
| author |
DING, Sun TAN, Hee Beng Kuan SHAR, Lwin Khin PADMANABHUNI, Bindu Madhavi |
| author_facet |
DING, Sun TAN, Hee Beng Kuan SHAR, Lwin Khin PADMANABHUNI, Bindu Madhavi |
| author_sort |
DING, Sun |
| title |
Towards a hybrid framework for detecting input manipulation vulnerabilities |
| title_short |
Towards a hybrid framework for detecting input manipulation vulnerabilities |
| title_full |
Towards a hybrid framework for detecting input manipulation vulnerabilities |
| title_fullStr |
Towards a hybrid framework for detecting input manipulation vulnerabilities |
| title_full_unstemmed |
Towards a hybrid framework for detecting input manipulation vulnerabilities |
| title_sort |
towards a hybrid framework for detecting input manipulation vulnerabilities |
| publisher |
Institutional Knowledge at Singapore Management University |
| publishDate |
2013 |
| url |
https://ink.library.smu.edu.sg/sis_research/4837 https://ink.library.smu.edu.sg/context/sis_research/article/5840/viewcontent/Towards_a_hybrid_framework_for_detecting_input_manipulation_2013_av.pdf |
| _version_ |
1770575058903760896 |