Detecting Violations of Security Requirements for Vulnerability Discovery in Source Code
DC Field | Value | Language |
---|---|---|
dc.contributor.author | Li, Hongzhe | - |
dc.contributor.author | Oh, Jaesang | - |
dc.contributor.author | Lee, Heejo | - |
dc.date.accessioned | 2021-09-03T20:41:19Z | - |
dc.date.available | 2021-09-03T20:41:19Z | - |
dc.date.created | 2021-06-16 | - |
dc.date.issued | 2016-09 | - |
dc.identifier.issn | 1745-1361 | - |
dc.identifier.uri | https://scholar.korea.ac.kr/handle/2021.sw.korea/87707 | - |
dc.description.abstract | Finding software vulnerabilities in source code before the program gets deployed is crucial to ensure the software quality. Existing source code auditing tools for vulnerability detection generate too many false positives, and only limited types of vulnerability can be detected automatically. In this paper, we propose an extendable mechanism to reveal vulnerabilities in source code with low false positives by specifying security requirements and detecting requirement violations of the potential vulnerable sinks. The experimental results show that the proposed mechanism can detect vulnerabilities with zero false positives and indicate the extendability of the mechanism to cover more types of vulnerabilities. | - |
dc.language | English | - |
dc.language.iso | en | - |
dc.publisher | IEICE-INST ELECTRONICS INFORMATION COMMUNICATIONS ENG | - |
dc.title | Detecting Violations of Security Requirements for Vulnerability Discovery in Source Code | - |
dc.type | Article | - |
dc.contributor.affiliatedAuthor | Lee, Heejo | - |
dc.identifier.doi | 10.1587/transinf.2016EDL8035 | - |
dc.identifier.scopusid | 2-s2.0-84984885335 | - |
dc.identifier.wosid | 000384920500021 | - |
dc.identifier.bibliographicCitation | IEICE TRANSACTIONS ON INFORMATION AND SYSTEMS, v.E99D, no.9, pp.2385 - 2389 | - |
dc.relation.isPartOf | IEICE TRANSACTIONS ON INFORMATION AND SYSTEMS | - |
dc.citation.title | IEICE TRANSACTIONS ON INFORMATION AND SYSTEMS | - |
dc.citation.volume | E99D | - |
dc.citation.number | 9 | - |
dc.citation.startPage | 2385 | - |
dc.citation.endPage | 2389 | - |
dc.type.rims | ART | - |
dc.type.docType | Article | - |
dc.description.journalClass | 1 | - |
dc.description.journalRegisteredClass | scie | - |
dc.description.journalRegisteredClass | scopus | - |
dc.relation.journalResearchArea | Computer Science | - |
dc.relation.journalWebOfScienceCategory | Computer Science, Information Systems | - |
dc.relation.journalWebOfScienceCategory | Computer Science, Software Engineering | - |
dc.subject.keywordAuthor | software vulnerability | - |
dc.subject.keywordAuthor | security sinks | - |
dc.subject.keywordAuthor | security requirements | - |