Design and Implementation of Software Vulnerability Analysis Algorithm through Static Data Access Analysis

Hyun-il Lim

Journal of The Korea Society of Computer and Information

Abbr : JKSCI
2015, 20(8), pp.69-75
Publisher : The Korean Society Of Computer And Information
Research Area : Computer Science

Hyun-il Lim ¹

¹경남대학교

ABSTRACT

Nowadays, software plays various roles in applications in wide areas. However, the security problems caused by software vulnerabilities increase. So, it is necessary to improve software security and safety in software execution. In this paper, we propose an approach to improve the safety of software execution by managing information used in software through static data access analysis. The approach can detect the exposures of secure data in software execution by analyzing information property and flows through static data access analysis. In this paper, we implemented and experimented the proposed approach with a base language, and verify that the proposed approach can effectively detect the exposures of secure information. The proposed approach can be applied in several areas for improving software safety by analysing vulnerabilities from information flows in software execution.
KEYWORDS

static data access analysis, software vulnerability analysis, static software analysis
REFERENCES (13)

[journal] Marco Pistoia / 2007 / A survey of static analysis methods for identifying security vulnerabilities in software systems / IBM Systems Journal 46(2) : 265~288

[journal] Manuel Egele / 2012 / A Survey on Automated Dynamic Malware Analysis Techniques and Tools / ACM Computing Surveys 44(2)

[journal] 전정훈 / 2015 / A study on the classification systems of domestic security fields / 한국컴퓨터정보학회논문지 / 한국컴퓨터정보학회 20(3) : 81~88

[journal] 장은겸 / 2014 / A Study on Similarity Comparison for File DNA-Based Metamorphic Malware Detection / 한국컴퓨터정보학회논문지 / 한국컴퓨터정보학회 19(1) : 85~94

[confproc] James Newsome / 2005 / Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software / Proceedings of the Network and Distributed System Security Symposium

[confproc] Winnie Cheng / 2006 / TaintTrace: Efficient Flow Tracing with Dynamic Binary Rewriting / Proceedings of 11th IEEE Symposium on Computers and Communications : 749~754

[confproc] James Clause / 2007 / Dytan: A Generic Dynamic Taint Analysis Framework / Proceedings of the International Symposium on Software Testing and Analysis : 196~206

[confproc] Zhiwen Bai / 2008 / DTAD: A Dynamic Taint Analysis Detector for Information Security / Proceedings of The Ninth International Conference on Web-Age Information Management : 591~597

[confproc] Heng Yin / 2007 / Panorama: capturing system-wide information flow for malware detection and analysis / Proceedings of the 14th ACM conference on Computer and communications security : 116~127

[web] Matthew Hennessy / 2015 / The WHILE programming language / https://www.cs.tcd.ie/Matthew.Hennessy/splexternal2015/notes/WhileSlides2to1.pdf

[book] Kenneth Slonneger / 1995 / Formal Syntax and Semantics of Programming Languages / Addison Wesley

[book] Sanjiva Prasad / 2002 / the Compiler Design Handbook: Optimizations and Machine Code Generation / CRC Press : 841~890

[web] / Programming Language Haskell / http://www.haskell.org/
KCI Citation (0)

KJC Korea
Journal Central

Statistics

Tools