A survey of static analysis methods for identifying security vulnerabilities in software systems

2007 ◽  
Vol 46 (2) ◽  
pp. 265-288 ◽  
Author(s):  
M. Pistoia ◽  
S. Chandra ◽  
S. J. Fink ◽  
E. Yahav
Keyword(s):  
Static Analysis ◽  
Software Systems ◽  
Security Vulnerabilities ◽  
Analysis Methods

scholarly journals Generation and Visualization of Static Function Call Graph for Large C Codebases

2021 ◽  
Vol 10 (6) ◽  
pp. 1-6
Author(s):  
Sourabh S Badhya ◽  
◽  
Shobha G ◽  
Keyword(s):  
Software Development ◽  
Static Analysis ◽  
Software Systems ◽  
Call Graph ◽  
Analysis Methods ◽  
Development Lifecycle ◽  
Function Call ◽  
Software Development Lifecycle ◽  
The Many

As software systems evolve, there is a growing concern on how to manage and maintain a large codebase and fully understand all the modules present in it. Developers spend a significant amount of time analyzing dependencies before making any changes into codebases. Therefore, there is a growing need for applications which can easily make developers comprehend dependencies in large codebases. These applications must be able to analyze large codebases and must have the ability to identify all the dependencies, so that new developers can easily analyze the codebase and start making changes in short periods of time. Static analysis provides a means of analyzing dependencies in large codebases and is an important part of software development lifecycle. Static analysis has been proven to be extremely useful over the years in their ability to comprehend large codebases. Out of the many static analysis methods, this paper focuses on static function call graph (SFCG) which represents dependencies between functions in the form of a graph. This paper illustrates the feasibility of many tools which generate SFCG and locks in on Doxygen which is extremely reliant for large codebases. The paper also discusses the optimizations, issues and its corresponding solutions for Doxygen. Finally, this paper presents a way of representing SFCG which is easier to comprehend for developers.

Measuring, analyzing and predicting security vulnerabilities in software systems

2007 ◽  
Vol 26 (3) ◽  
pp. 219-228 ◽  
Author(s):  
O.H. Alhazmi ◽  
Y.K. Malaiya ◽  
I. Ray
Keyword(s):  
Software Systems ◽  
Security Vulnerabilities

An empirical study on combining diverse static analysis tools for web security vulnerabilities based on development scenarios

Computing ◽  
2018 ◽  
Vol 101 (2) ◽  
pp. 161-185 ◽  
Author(s):  
Paulo Nunes ◽  
Ibéria Medeiros ◽  
José Fonseca ◽  
Nuno Neves ◽  
Miguel Correia ◽  
...  
Keyword(s):  
Empirical Study ◽  
Static Analysis ◽  
Web Security ◽  
Security Vulnerabilities ◽  
Development Scenarios ◽  
Analysis Tools

Creating and Applying Security Goal Indicator Trees in an Industrial Environment

2014 ◽  
pp. 999-1013
Author(s):  
Alessandra Bagnato ◽  
Fabio Raiteri ◽  
Christian Jung ◽  
Frank Elberzhager
Keyword(s):  
Software Development ◽  
Software Systems ◽  
Full Potential ◽  
Security Vulnerabilities ◽  
Industrial Project ◽  
Project Environment ◽  
Development Tools ◽  
Development Lifecycle ◽  
Software Development Lifecycle

Security inspections are increasingly important for bringing security-relevant aspects into software systems, particularly during the early stages of development. Nowadays, such inspections often do not focus specifically on security. With regard to security, the well-known and approved benefits of inspections are not exploited to their full potential. This book chapter focuses on the Security Goal Indicator Tree application for eliminating existing shortcomings, the training that led to their creation in an industrial project environment, their usage, and their reuse by a team in industry. SGITs are a new approach for modeling and checking security-relevant aspects throughout the entire software development lifecycle. This book chapter describes the modeling of such security goal based trees as part of requirements engineering using the GOAT tool dedicated plug-in and the retrieval of these models during the various phases of the software development lifecycle in a project by means of Software Vulnerability Repository Services (SVRS) created in the European project SHIELDS (SHIELDS - Detecting known security vulnerabilities from within design and development tools).

A New Dynamic Protocol Analysis Model

2013 ◽  
Vol 765-767 ◽  
pp. 1761-1765
Author(s):  
Fu Lin Li ◽  
Jie Yang ◽  
Hong Wei Zhou ◽  
Ying Liu
Keyword(s):  
Static Analysis ◽  
Theorem Proving ◽  
Protocol Analysis ◽  
Experimental Results ◽  
Analysis Model ◽  
Formal Validation ◽  
Analysis Methods

Traditional static analysis methods such as formal validation and theorem proving were used to analyze protocols security previously. These methods can not measure and evaluate actual security of protocols accurately for the setting and suppose are far from the actual conditions. This paper proposes a new dynamic protocol analysis model. The system based on the model can be used to active test in actual running conditions, analyze known protocols security, integrity, robustness, and analyze unknown protocols online, provide support for protocol designer. The systems structure, working flow and implementation of key modules are described. The experimental results validate the validity of the models design.

scholarly journals Intrusion Detection in IoT based Smart Networks using Fuzzy Brain Storm Optimization Technique

2019 ◽  
Vol 8 (6) ◽  
pp. 3066-3071
Keyword(s):  
Embedded Systems ◽  
Optimization Technique ◽  
Security And Privacy ◽  
Smart Devices ◽  
Software Systems ◽  
Security Risks ◽  
Security Vulnerabilities ◽  
Brain Storm Optimization ◽  
Fuzzy C Means Clustering ◽  
The Internet Of Things

The Internet of Things (IoT) is characterized as an approach where objects are outfitted with sensors, processors, and actuators which include design of hardware board and development, protocols, web APIs, and software systems, which combined to make an associated architecture of embedded systems. This connected environment enables technologies to get associated with different networks, platforms, and devices, making a web of communication which is reforming the manner in which we communicate with the world digitally. These connected embedded systems are changing behaviour and interactions with our environment, networks, and homes, and also with our own bodies in terms of smart devices. Security and privacy are the most significant consideration in the field of real-world communication and mainly on IoTs. With the evolution of IoT the network layer security in the IoT has drawn greater focus. The security vulnerabilities in the IoT system could make security risks based on any application. Therefore there is an essential requirement for IDS for the IoT based systems for avoiding security attacks based on security vulnerabilities. This paper proposed a fuzzy c-means clustering with brain storm optimization algorithm (FBSO) for IDS based on IoT system. The NSL-KDD dataset is utilized to evaluate and simulate the proposed algorithm. The results demonstrate that the proposed technique efficiently recognize intrusion attacks and decrease the network difficulties

Sign in / Sign up

Export Citation Format

Share Document