Toward A Code Pattern Based Vulnerability Measurement Model
(Chinese-language title in the source record: Research on a Vulnerability Measurement Model Based on Code Patterns)
Authors: John Heaps, Rocky Slavin, Xiaoyin Wang
DOI: 10.1145/3205977.3208948 (https://doi.org/10.1145/3205977.3208948)
Published in: Proceedings of the 23rd ACM Symposium on Access Control Models and Technologies (SACMAT 2018), 2018-06-07
Record source: Semantic Scholar
Many access control patterns, both positive and negative, have been identified in the past. However, there is little research describing how to leverage those patterns for the detection of access control bugs in code. Many software bug detection models and frameworks for access control exist; however, most of these approaches and tools are process-based and suffer from many limitations. We propose a framework to detect access control bugs based on code pattern detection. Our framework will mine and generate bug patterns, detect those patterns in code, and calculate a vulnerability measure of software. To the best of our knowledge, ours is the first pattern-based model for the detection and measurement of bugs in software. As a proof of concept, we perform a case study of the relational database access control pattern "Improper Authorization".