Sergiu Zaharia, Traian Rebedea, Stefan Trausan-Matu
{"title":"使用松散耦合数据和控制流的源代码漏洞检测","authors":"Sergiu Zaharia, Traian Rebedea, Stefan Trausan-Matu","doi":"10.1109/SYNASC49474.2019.00016","DOIUrl":null,"url":null,"abstract":"Applications are one of the most used attack surfaces, and they must be secured at source code level, early in the development phase. Static Analysis Security Testing solutions, able to detect vulnerabilities in source code are limited to the most used programming languages and development frameworks. The proposed method consists of a security scanning solution based on an Intermediate Representation of source code which is loosely coupled with the programming language structure and to the data flow, preserving at the same time the security vulnerability patterns. The ability to identify vulnerable source code snippets in the Intermediate Representation of the original source code is the core idea for this research project. Using loosely coupled control flows and data flows representations of the original source code enables the development of new security scanners, which in the future will be able to evaluate applications written in new and exotic languages.","PeriodicalId":102054,"journal":{"name":"2019 21st International Symposium on Symbolic and Numeric Algorithms for Scientific Computing (SYNASC)","volume":"54 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"Source Code Vulnerabilities Detection Using Loosely Coupled Data and Control Flows\",\"authors\":\"Sergiu Zaharia, Traian Rebedea, Stefan Trausan-Matu\",\"doi\":\"10.1109/SYNASC49474.2019.00016\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Applications are one of the most used attack surfaces, and they must be secured at source code level, early in the development phase. Static Analysis Security Testing solutions, able to detect vulnerabilities in source code are limited to the most used programming languages and development frameworks. The proposed method consists of a security scanning solution based on an Intermediate Representation of source code which is loosely coupled with the programming language structure and to the data flow, preserving at the same time the security vulnerability patterns. The ability to identify vulnerable source code snippets in the Intermediate Representation of the original source code is the core idea for this research project. Using loosely coupled control flows and data flows representations of the original source code enables the development of new security scanners, which in the future will be able to evaluate applications written in new and exotic languages.\",\"PeriodicalId\":102054,\"journal\":{\"name\":\"2019 21st International Symposium on Symbolic and Numeric Algorithms for Scientific Computing (SYNASC)\",\"volume\":\"54 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2019-09-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2019 21st International Symposium on Symbolic and Numeric Algorithms for Scientific Computing (SYNASC)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/SYNASC49474.2019.00016\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 21st International Symposium on Symbolic and Numeric Algorithms for Scientific Computing (SYNASC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SYNASC49474.2019.00016","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Source Code Vulnerabilities Detection Using Loosely Coupled Data and Control Flows
Applications are one of the most used attack surfaces, and they must be secured at source code level, early in the development phase. Static Analysis Security Testing solutions, able to detect vulnerabilities in source code are limited to the most used programming languages and development frameworks. The proposed method consists of a security scanning solution based on an Intermediate Representation of source code which is loosely coupled with the programming language structure and to the data flow, preserving at the same time the security vulnerability patterns. The ability to identify vulnerable source code snippets in the Intermediate Representation of the original source code is the core idea for this research project. Using loosely coupled control flows and data flows representations of the original source code enables the development of new security scanners, which in the future will be able to evaluate applications written in new and exotic languages.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
