
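SVR-Miner: A Tool for Mining Security Validation Rules and Detecting Defects in Large Software
Cite this article: Liang Bin, Xie Subin, Shi Wenchang, Liang Zhaohui, Chen Hong. SVR-Miner: A Tool for Mining Security Validation Rules and Detecting Defects in Large Software [J]. China communications magazine, 2011, 8(4): 84-98.
Authors: Liang Bin, Xie Subin, Shi Wenchang, Liang Zhaohui, Chen Hong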
Received: 2011-09-08

SVR-Miner: Mining Security Validation Rules and Detecting Violations in Large Software
Liang Bin, Xie Subin, Shi Wenchang, Liang Zhaohui, Chen Hong. SVR-Miner: Mining Security Validation Rules and Detecting Violations in Large Software [J]. China communications magazine, 2011, 8(4): 84-98.
Authors: Liang Bin, Xie Subin, Shi Wenchang, Liang Zhaohui, Chen Hong
Affiliation: 1. School of Information, Renmin University of China, Beijing 100872, P.R. China
2. China Information Technology Security Evaluation Center, Beijing 100085, P.R. China
Abstract: For various reasons, many of the security programming rules applicable to specific software have not been recorded in official documents, and hence can hardly be employed by static analysis tools for detection. In this paper, we propose a new approach, named SVR-Miner (Security Validation Rules Miner), which uses a frequent sequence mining technique [1-4] to automatically infer implicit security validation rules from large software code written in the C programming language. Unlike past work in this area, SVR-Miner introduces three techniques to improve the accuracy of rules: sensitive thread, program slicing [5-7], and equivalent statements computing. Experiments with the Linux Kernel demonstrate the effectiveness of our approach. With the ten given sensitive threads, SVR-Miner automatically generated 17 security validation rules and detected 8 violations, 5 of which were published by the Linux Kernel Organization before we detected them. We have recently reported the other three to the Linux Kernel Organization.
Keywords: static analysis; data mining; automated validation rules extraction; automated violation detection