DocumentCode :
2351624
Title :
Towards Security Vulnerability Detection by Source Code Model Checking
Author :
Li, Keqin
Author_Institution :
SAP Res., Sophia Antipolis, France
fYear :
2010
fDate :
6-10 April 2010
Firstpage :
381
Lastpage :
387
Abstract :
Security at the code level is an important aspect of achieving high-quality software. Various security programming guidelines are defined to improve the quality of software code. At the same time, mechanisms for enforcing these guidelines are needed. In this paper, we use a source code model checking technique to check whether some security programming guidelines are followed, and correspondingly to detect related security vulnerabilities. Two SAP security programming guidelines, related to logging sensitive information and to Cross-Site Scripting attacks, are used as examples. In the case studies, the Bandera Tool Set is used as the source code model checker, and minimizing programmers' additional effort is set as one of the goals.
Keywords :
formal verification; security of data; software quality; Bandera tool set; SAP security programming guidelines; cross-site scripting attack; security vulnerability detection; software code quality; source code model checking; Application software; Electronic mail; Guidelines; Information security; Java; Programming profession; Software quality; Software testing; Specification languages; Time factors; model checking; security; source code analysis;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Software Testing, Verification, and Validation Workshops (ICSTW), 2010 Third International Conference on
Conference_Location :
Paris
Print_ISBN :
978-1-4244-6773-0
Type :
conf
DOI :
10.1109/ICSTW.2010.23
Filename :
5463672