A model for security vulnerability pattern

Hyungwoo Kang, Kibom Kim, Soonjwa Hong, Dong Hoon Lee

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

1 Citation (Scopus)

Abstract

Static analysis technology is used to find programming errors before run time. Unlike dynamic analysis, which looks at the application state while it is being executed, static analysis does not require the application to be executed. In this paper, we classify security vulnerability patterns in source code and design a model that expresses various security vulnerability patterns by making use of pushdown automata. On the basis of this model, it is possible to find a security vulnerability at the parsing level by making use of an Abstract Syntax Tree (AST) based pattern matching technique.

Original language: English
Title of host publication: Computational Science and Its Applications - ICCSA 2006
Subtitle of host publication: International Conference, Proceedings - Part III
Publisher: Springer Verlag
Pages: 385-394
Number of pages: 10
ISBN (Print): 3540340750, 9783540340751
Publication status: Published - 2006 Jan 1
Event: ICCSA 2006: International Conference on Computational Science and Its Applications - Glasgow, United Kingdom
Duration: 2006 May 8 → 2006 May 11

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 3982 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Other

Other: ICCSA 2006: International Conference on Computational Science and Its Applications
Country: United Kingdom
City: Glasgow
Period: 06/5/8 → 06/5/11

Keywords

  • Abstract Syntax Tree (AST)
  • Buffer overflow
  • Pushdown Automata (PDA)
  • Software security
  • Static analysis

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)

Cite this

Kang, H., Kim, K., Hong, S., & Lee, D. H. (2006). A model for security vulnerability pattern. In Computational Science and Its Applications - ICCSA 2006: International Conference, Proceedings - Part III (pp. 385-394). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 3982 LNCS). Springer Verlag.