• DocumentCode
    2076678
  • Title

    Detecting recurring and similar software vulnerabilities

  • Author

    Pham, Nam H. ; Nguyen, Tung Thanh ; Nguyen, Hoan Anh ; Wang, Xinying ; Nguyen, Anh Tuan ; Nguyen, Tien N.

  • Volume
    2
  • fYear
    2010
  • fDate
    2-8 May 2010
  • Firstpage
    227
  • Lastpage
    230
  • Abstract
    New software security vulnerabilities are discovered on an almost daily basis, and it is vital to be able to identify and resolve them as early as possible. Fortunately, many software vulnerabilities are recurring or very similar; thus, one could effectively detect and fix a vulnerability in a system by consulting the similar vulnerabilities and fixes from other systems. In this paper, we propose SecureSync, an automatic approach to detect and provide suggested resolutions for recurring software vulnerabilities on multiple systems sharing/using similar code or API libraries. The core of SecureSync includes a usage model and a mapping algorithm for matching vulnerable code across different systems, a model for the comparison of vulnerability reports, and a tracing technique from a report to corresponding source code. Our preliminary evaluation with case studies showed the potential usefulness of SecureSync.
  • Keywords
    safety-critical software; API library; SecureSync approach; application program interface; mapping algorithm; recurring software vulnerability; software security vulnerability; tracing technique; vulnerable code matching; Computational modeling; Databases; Libraries; Protocols; Security; Software; Vectors;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Software Engineering, 2010 ACM/IEEE 32nd International Conference on
  • Conference_Location
    Cape Town
  • ISSN
    0270-5257
  • Print_ISBN
    978-1-60558-719-6
  • Type

    conf

  • DOI
    10.1145/1810295.1810336
  • Filename
    6062166