Research Article
An Static Propositional Function Model to Detect Software Vulnerability
@INPROCEEDINGS{10.1007/978-3-030-21373-2_46, author={Lansheng Han and Man Zhou and Cai Fu}, title={An Static Propositional Function Model to Detect Software Vulnerability}, proceedings={Security and Privacy in New Computing Environments. Second EAI International Conference, SPNCE 2019, Tianjin, China, April 13--14, 2019, Proceedings}, proceedings_a={SPNCE}, year={2019}, month={6}, keywords={Software vulnerability Propositional function Static analysis State space explosion}, doi={10.1007/978-3-030-21373-2_46} }- Lansheng Han
Man Zhou
Cai Fu
Year: 2019
An Static Propositional Function Model to Detect Software Vulnerability
SPNCE
Springer
DOI: 10.1007/978-3-030-21373-2_46
Abstract
Due to lacking proper theory to accurately describe characteristics of vulnerability, the existing static detection models are designed for specific vulnerability is hard to be expanded and the latter often encounters the state space explosion and with higher false positive rate. This paper proposes a static detection model of a five-tuple (): the vulnerability initial nodes set, program state space, Vulnerability Syntax Rules, preconditions of vulnerability, and post-conditions of vulnerability are accurately described. We design a testing prototype system for the static detection model and carry out experiments to evaluate the results with the vulnerabilities disclosed by NIST. Our model find more vulnerabilities of Wireshark than published by NIST and shows higher detection efficiency than that of FindBugs. Formal accurately description is prerequisite of auto-detection of vulnerability.