A model for security vulnerability pattern

Hyungwoo Kang, Kibom Kim, Soonjwa Hong, Dong Hoon Lee

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

1 Citation (Scopus)

Abstract

Static analysis technology is used to find programming errors before run time. Unlike dynamic analysis, which looks at the application state while it is being executed, static analysis does not require the application to be executed. In this paper, we classify security vulnerability patterns in source code and design a model to express various security vulnerability patterns by making use of pushdown automata. On the basis of the model, it is possible to find a security vulnerability by making use of an Abstract Syntax Tree (AST) based pattern matching technique at the parsing level.

Original language: English
Title of host publication: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Pages: 385-394
Number of pages: 10
Volume: 3982 LNCS
Publication status: Published - 2006 Jul 20
Event: ICCSA 2006: International Conference on Computational Science and Its Applications - Glasgow, United Kingdom
Duration: 2006 May 8 to 2006 May 11

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 3982 LNCS
ISSN (Print): 03029743
ISSN (Electronic): 16113349

Other

Other: ICCSA 2006: International Conference on Computational Science and Its Applications
Country: United Kingdom
City: Glasgow
Period: 06/5/8 to 06/5/11

Keywords

  • Abstract Syntax Tree (AST)
  • Buffer overflow
  • Pushdown Automata (PDA)
  • Software security
  • Static analysis

ASJC Scopus subject areas

  • Computer Science (all)
  • Biochemistry, Genetics and Molecular Biology (all)
  • Theoretical Computer Science

Cite this

Kang, H., Kim, K., Hong, S., & Lee, D. H. (2006). A model for security vulnerability pattern. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 3982 LNCS, pp. 385-394). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 3982 LNCS).

@inproceedings{1790810984c24dea89c422b7795b353b,
title = "A model for security vulnerability pattern",
abstract = "Static analysis technology is used to find programming errors before run time. Unlike dynamic analysis technique which looks at the application state while it is being executed, static analysis technique does not require the application to be executed. In this paper, we classify security vulnerability patterns in source code and design a model to express various security vulnerability patterns by making use of pushdown automata. On the basis of the model, it is possible to find a security vulnerability by making use of Abstract Syntax Tree (AST) based pattern matching technique in parsing level.",
keywords = "Abstract Syntax Tree (AST), Buffer overflow, Pushdown Automata (PDA), Software security, Static analysis",
author = "Hyungwoo Kang and Kibom Kim and Soonjwa Hong and Lee, {Dong Hoon}",
year = "2006",
month = "7",
day = "20",
language = "English",
isbn = "3540340750",
volume = "3982 LNCS",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
pages = "385--394",
booktitle = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

}
