Design and Implementation of Software Vulnerability Analysis Algorithm through Static Data Access Analysis

Hyun-il Lim

Nowadays, software plays various roles in applications in wide areas. However, the security problems caused by software vulnerabilities increase. So, it is necessary to improve software security and safety in software execution. In this paper, we propose an approach to improve the safety of software execution by managing information used in software through static data access analysis. The approach can detect the exposures of secure data in software execution by analyzing information property and flows through static data access analysis. In this paper, we implemented and experimented the proposed approach with a base language, and verify that the proposed approach can effectively detect the exposures of secure information. The proposed approach can be applied in several areas for improving software safety by analysing vulnerabilities from information flows in software execution.

Citation status

KCI Citation Counts (0)
REFERENCES (13)
열림/닫힘 버튼
* 2021년 이후 발행 논문의 참고문헌은 현재 구축 중입니다.

[journal] Marco Pistoia / 2007 / A survey of static analysis methods for identifying security vulnerabilities in software systems / IBM Systems Journal 46(2) : 265~288

[journal] Manuel Egele / 2012 / A Survey on Automated Dynamic Malware Analysis Techniques and Tools / ACM Computing Surveys 44(2)

[journal] 전정훈 / 2015 / A study on the classification systems of domestic security fields / 한국컴퓨터정보학회논문지 / 한국컴퓨터정보학회 20(3) : 81~88

[journal] 장은겸 / 2014 / A Study on Similarity Comparison for File DNA-Based Metamorphic Malware Detection / 한국컴퓨터정보학회논문지 / 한국컴퓨터정보학회 19(1) : 85~94

[confproc] James Newsome / 2005 / Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software / Proceedings of the Network and Distributed System Security Symposium

[confproc] Winnie Cheng / 2006 / TaintTrace: Efficient Flow Tracing with Dynamic Binary Rewriting / Proceedings of 11th IEEE Symposium on Computers and Communications : 749~754

[confproc] James Clause / 2007 / Dytan: A Generic Dynamic Taint Analysis Framework / Proceedings of the International Symposium on Software Testing and Analysis : 196~206

[confproc] Zhiwen Bai / 2008 / DTAD: A Dynamic Taint Analysis Detector for Information Security / Proceedings of The Ninth International Conference on Web-Age Information Management : 591~597

[confproc] Heng Yin / 2007 / Panorama: capturing system-wide information flow for malware detection and analysis / Proceedings of the 14th ACM conference on Computer and communications security : 116~127

[web] Matthew Hennessy / 2015 / The WHILE programming language / https://www.cs.tcd.ie/Matthew.Hennessy/splexternal2015/notes/WhileSlides2to1.pdf

[book] Kenneth Slonneger / 1995 / Formal Syntax and Semantics of Programming Languages / Addison Wesley

[book] Sanjiva Prasad / 2002 / the Compiler Design Handbook: Optimizations and Machine Code Generation / CRC Press : 841~890

[web] / Programming Language Haskell / http://www.haskell.org/

이 논문은 한국연구재단의 지원을 받아 작성되었습니다.

KJC Korea
Journal Central

Statistics

Tools

Sharing

Issue List

Citation status