A survey of static analysis methods for identifying security vulnerabilities in software systems

2007 ◽  
Vol 46 (2) ◽  
pp. 265-288 ◽  
Author(s):  
M. Pistoia ◽  
S. Chandra ◽  
S. J. Fink ◽  
E. Yahav
Author(s):  
Sourabh S Badhya ◽  
◽  
Shobha G ◽  

As software systems evolve, there is a growing concern on how to manage and maintain a large codebase and fully understand all the modules present in it. Developers spend a significant amount of time analyzing dependencies before making any changes into codebases. Therefore, there is a growing need for applications which can easily make developers comprehend dependencies in large codebases. These applications must be able to analyze large codebases and must have the ability to identify all the dependencies, so that new developers can easily analyze the codebase and start making changes in short periods of time. Static analysis provides a means of analyzing dependencies in large codebases and is an important part of software development lifecycle. Static analysis has been proven to be extremely useful over the years in their ability to comprehend large codebases. Out of the many static analysis methods, this paper focuses on static function call graph (SFCG) which represents dependencies between functions in the form of a graph. This paper illustrates the feasibility of many tools which generate SFCG and locks in on Doxygen which is extremely reliant for large codebases. The paper also discusses the optimizations, issues and its corresponding solutions for Doxygen. Finally, this paper presents a way of representing SFCG which is easier to comprehend for developers.


2007 ◽  
Vol 26 (3) ◽  
pp. 219-228 ◽  
Author(s):  
O.H. Alhazmi ◽  
Y.K. Malaiya ◽  
I. Ray

Computing ◽  
2018 ◽  
Vol 101 (2) ◽  
pp. 161-185 ◽  
Author(s):  
Paulo Nunes ◽  
Ibéria Medeiros ◽  
José Fonseca ◽  
Nuno Neves ◽  
Miguel Correia ◽  
...  

2014 ◽  
pp. 999-1013
Author(s):  
Alessandra Bagnato ◽  
Fabio Raiteri ◽  
Christian Jung ◽  
Frank Elberzhager

Security inspections are increasingly important for bringing security-relevant aspects into software systems, particularly during the early stages of development. Nowadays, such inspections often do not focus specifically on security. With regard to security, the well-known and approved benefits of inspections are not exploited to their full potential. This book chapter focuses on the Security Goal Indicator Tree application for eliminating existing shortcomings, the training that led to their creation in an industrial project environment, their usage, and their reuse by a team in industry. SGITs are a new approach for modeling and checking security-relevant aspects throughout the entire software development lifecycle. This book chapter describes the modeling of such security goal based trees as part of requirements engineering using the GOAT tool dedicated plug-in and the retrieval of these models during the various phases of the software development lifecycle in a project by means of Software Vulnerability Repository Services (SVRS) created in the European project SHIELDS (SHIELDS - Detecting known security vulnerabilities from within design and development tools).


2013 ◽  
Vol 765-767 ◽  
pp. 1761-1765
Author(s):  
Fu Lin Li ◽  
Jie Yang ◽  
Hong Wei Zhou ◽  
Ying Liu

Traditional static analysis methods such as formal validation and theorem proving were used to analyze protocols security previously. These methods can not measure and evaluate actual security of protocols accurately for the setting and suppose are far from the actual conditions. This paper proposes a new dynamic protocol analysis model. The system based on the model can be used to active test in actual running conditions, analyze known protocols security, integrity, robustness, and analyze unknown protocols online, provide support for protocol designer. The systems structure, working flow and implementation of key modules are described. The experimental results validate the validity of the models design.


The Internet of Things (IoT) is characterized as an approach where objects are outfitted with sensors, processors, and actuators which include design of hardware board and development, protocols, web APIs, and software systems, which combined to make an associated architecture of embedded systems. This connected environment enables technologies to get associated with different networks, platforms, and devices, making a web of communication which is reforming the manner in which we communicate with the world digitally. These connected embedded systems are changing behaviour and interactions with our environment, networks, and homes, and also with our own bodies in terms of smart devices. Security and privacy are the most significant consideration in the field of real-world communication and mainly on IoTs. With the evolution of IoT the network layer security in the IoT has drawn greater focus. The security vulnerabilities in the IoT system could make security risks based on any application. Therefore there is an essential requirement for IDS for the IoT based systems for avoiding security attacks based on security vulnerabilities. This paper proposed a fuzzy c-means clustering with brain storm optimization algorithm (FBSO) for IDS based on IoT system. The NSL-KDD dataset is utilized to evaluate and simulate the proposed algorithm. The results demonstrate that the proposed technique efficiently recognize intrusion attacks and decrease the network difficulties


Sign in / Sign up

Export Citation Format

Share Document