Title :
Vulnerability Localization Method Based on Software Structural Signature of Complex Network
Author :
Fan Yang ; Huanguo Zhang
Author_Institution :
Comput. Sch., Wuhan Univ., Wuhan, China
Abstract :
Software vulnerability localization is of great importance for vulnerability analysis, as it is the basic step of vulnerability exploitation and vulnerability fixup. By viewing large-scale software as a complex network system, we present a new method of vulnerability localization. The software structure is depicted by system-level features of a complex network. In this way, we generate structural signatures of the original and patched software respectively. By comparing the structural signatures and splitting the connexity group recursively, the vulnerability can be localized. To speed up the comparison, backtracking is used during the recursion. Results of the experiments show the effective localization capability of this method.
Keywords :
backtracking; complex networks; digital signatures; software engineering; backtracking; complex network; complex network system; connexity group splitting; large-scale software; patched software; software structural signature; software vulnerability localization method; structural signatures; system-level features; vulnerability analysis; vulnerability exploitation; vulnerability fixup; Complex networks; Computers; Educational institutions; Flow graphs; Security; Software systems; Backtracking; Complex Network; Structural Signature; Vulnerability Localization;
Conference_Title :
Embedded Multicore SoCs (MCSoC), 2013 IEEE 7th International Symposium on
Conference_Location :
Tokyo
DOI :
10.1109/MCSoC.2013.37