{"title":"软件源代码漏洞检测的生产模型系统","authors":"A. Barabanov, A. Markov, Andrey Fadin, V. Tsirlov","doi":"10.1145/2799979.2800019","DOIUrl":null,"url":null,"abstract":"This paper is devoted to static analysis of the software code security. We suggest using heuristic static code analysis to detect a full spectrum of vulnerabilities, including backdoors. Production rules are suggested for use to formalize heuristics for detection of vulnerabilities. We developed a conceptual system of production models for detection of a full spectrum of vulnerabilities in the software code. This paper provides examples of heuristic formalization for detection of certain vulnerabilities classified subject to CWE register. It also provides a brief statistics of application of the suggested heuristic analysis in the study of the software code security.","PeriodicalId":293190,"journal":{"name":"Proceedings of the 8th International Conference on Security of Information and Networks","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2015-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"A Production Model System for Detecting Vulnerabilities in the Software Source Code\",\"authors\":\"A. Barabanov, A. Markov, Andrey Fadin, V. Tsirlov\",\"doi\":\"10.1145/2799979.2800019\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"This paper is devoted to static analysis of the software code security. We suggest using heuristic static code analysis to detect a full spectrum of vulnerabilities, including backdoors. Production rules are suggested for use to formalize heuristics for detection of vulnerabilities. We developed a conceptual system of production models for detection of a full spectrum of vulnerabilities in the software code. This paper provides examples of heuristic formalization for detection of certain vulnerabilities classified subject to CWE register. It also provides a brief statistics of application of the suggested heuristic analysis in the study of the software code security.\",\"PeriodicalId\":293190,\"journal\":{\"name\":\"Proceedings of the 8th International Conference on Security of Information and Networks\",\"volume\":\"1 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2015-09-08\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 8th International Conference on Security of Information and Networks\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/2799979.2800019\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 8th International Conference on Security of Information and Networks","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2799979.2800019","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
A Production Model System for Detecting Vulnerabilities in the Software Source Code
This paper is devoted to static analysis of the software code security. We suggest using heuristic static code analysis to detect a full spectrum of vulnerabilities, including backdoors. Production rules are suggested for use to formalize heuristics for detection of vulnerabilities. We developed a conceptual system of production models for detection of a full spectrum of vulnerabilities in the software code. This paper provides examples of heuristic formalization for detection of certain vulnerabilities classified subject to CWE register. It also provides a brief statistics of application of the suggested heuristic analysis in the study of the software code security.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
