Title :
Research on XML Based Static Software Security Analysis
Author :
Zheng, Hongbo ; Zhou, Kuanjiu ; Lai, Xiaochen ; Liu, Chunyan ; Chi, Zongzheng
Author_Institution :
Sch. of Software, Dalian Univ. of Technol., Dalian, China
Abstract :
Fatal security vulnerabilities are caused by undefined behaviors of C/C++ language used in Safety-Critical software design. Software static analysis is an important technique for identifying security vulnerabilities from software code and structure. The method of static analysis based on XML intermediate model is proposed in term of safety rules. The source code is interpreted as XML intermediate model, while safety rules are translated into vulnerabilities pattern, and Xquery expression is used to locate security vulnerabilities by this method. The experimental result of a prototype system based on this method shows that this method can effectively detect the software vulnerabilities in violation of safety rules and has the advantage of supporting customization of safety rules.
Keywords :
C++ language; XML; program testing; safety-critical software; security of data; C language; C++ language; XML intermediate model; Xquery expression; fatal security vulnerability; safety rule; safety-critical software design; software code; software structure; software vulnerabilities pattern; source code; static software security analysis; Data models; Programming; Prototypes; Safety; Security; Software; XML; XML; Xquery; safety rules; static analysis; vulnerabilitiespattern;
Conference_Titel :
Software Engineering (WCSE), 2010 Second World Congress on
Conference_Location :
Wuhan
Print_ISBN :
978-1-4244-9287-9
DOI :
10.1109/WCSE.2010.68
