Detecting violations of security requirements for vulnerability discovery in source code

Hongzhe Li, Jaesang Oh, Heejo Lee

    Research output: Contribution to journalArticlepeer-review

    2 Citations (Scopus)

    Abstract

    Finding software vulnerabilities in source code before the program gets deployed is crucial to ensure the software quality. Existing source code auditing tools for vulnerability detection generate too many false positives, and only limited types of vulnerability can be detected automatically. In this paper, we propose an extendable mechanism to reveal vulnerabilities in source code with low false positives by specifying security requirements and detecting requirement violations of the potential vulnerable sinks. The experimental results show that the proposed mechanism can detect vulnerabilities with zero false positives and indicate the extendability of the mechanism to cover more types of vulnerabilities.

    Original languageEnglish
    Pages (from-to)2385-2389
    Number of pages5
    JournalIEICE Transactions on Information and Systems
    VolumeE99D
    Issue number9
    DOIs
    Publication statusPublished - 2016 Sep

    Keywords

    • Security requirements
    • Security sinks
    • Software vulnerability

    ASJC Scopus subject areas

    • Software
    • Hardware and Architecture
    • Computer Vision and Pattern Recognition
    • Electrical and Electronic Engineering
    • Artificial Intelligence

    Fingerprint

    Dive into the research topics of 'Detecting violations of security requirements for vulnerability discovery in source code'. Together they form a unique fingerprint.

    Cite this