Title :
Detecting recurring and similar software vulnerabilities
Author :
Pham, Nam H. ; Nguyen, Tung Thanh ; Nguyen, Hoan Anh ; Wang, Xinying ; Nguyen, Anh Tuan ; Nguyen, Tien N.
Abstract :
New software security vulnerabilities are discovered on an almost daily basis, and it is vital to be able to identify and resolve them as early as possible. Fortunately, many software vulnerabilities are recurring or very similar; thus, one could effectively detect and fix a vulnerability in a system by consulting the similar vulnerabilities and fixes from other systems. In this paper, we propose SecureSync, an automatic approach to detect and provide suggested resolutions for recurring software vulnerabilities on multiple systems sharing or using similar code or API libraries. The core of SecureSync includes a usage model and a mapping algorithm for matching vulnerable code across different systems, a model for the comparison of vulnerability reports, and a tracing technique from a report to the corresponding source code. Our preliminary evaluation with case studies showed the potential usefulness of SecureSync.
Keywords :
safety-critical software; API library; SecureSync approach; application program interface; mapping algorithm; recurring software vulnerability; software security vulnerability; tracing technique; vulnerable code matching; Computational modeling; Databases; Libraries; Protocols; Security; Software; Vectors;
Conference_Titel :
Software Engineering, 2010 ACM/IEEE 32nd International Conference on
Conference_Location :
Cape Town
Print_ISBN :
978-1-60558-719-6
DOI :
10.1145/1810295.1810336