A method for discovering security bugs of software based on AOE Network

Jiadong Ren; Changzhen Hu; Kunsheng Wang; Ruiqing Ma

A method for discovering security bugs of software based on AOE Network

Jiadong Ren^*, Changzhen Hu, Kunsheng Wang, Ruiqing Ma

^*Corresponding author for this work

School of Cyberspace Science and Technology

Research output: Contribution to journal › Article › peer-review

4 Citations (Scopus)

Abstract

The existing methods for discovering security bugs all focus on one or twocategories of security properties each. Moreover, the false positive rates ofthe existing methods are all high. In this paper, we present a new approach forfinding hugs based on AOE networks. This method models the security propertiesusing FSA and the security hugs to he verified as AOE networks. First, themethod identifies whether the security-relevant operations violate securityproperties. Then, the method continues to check if those security-relevantoperations violating security properties obey bug properties described by AOEnetworks, and the security-relevant operations obeying bug properties are viewedas the real bug operations. Experimental analysis shows that our method has alower false positive rate and can check several security properties at once.ICIC International

Original language	English
Pages (from-to)	1081-1086
Number of pages	6
Journal	ICIC Express Letters
Volume	3
Issue number	4
Publication status	Published - Dec 2009

Keywords

AOE network
Model checking
Security bug
Security property

Cite this

@article{205e4dc4c4944072b11d508595e7c4d9,

title = "A method for discovering security bugs of software based on AOE Network",

abstract = "The existing methods for discovering security bugs all focus on one or twocategories of security properties each. Moreover, the false positive rates ofthe existing methods are all high. In this paper, we present a new approach forfinding hugs based on AOE networks. This method models the security propertiesusing FSA and the security hugs to he verified as AOE networks. First, themethod identifies whether the security-relevant operations violate securityproperties. Then, the method continues to check if those security-relevantoperations violating security properties obey bug properties described by AOEnetworks, and the security-relevant operations obeying bug properties are viewedas the real bug operations. Experimental analysis shows that our method has alower false positive rate and can check several security properties at once.ICIC International",

keywords = "AOE network, Model checking, Security bug, Security property",

author = "Jiadong Ren and Changzhen Hu and Kunsheng Wang and Ruiqing Ma",

year = "2009",

month = dec,

language = "English",

volume = "3",

pages = "1081--1086",

journal = "ICIC Express Letters",

issn = "1881-803X",

publisher = "ICIC Express Letters Office",

number = "4",

}

TY - JOUR

T1 - A method for discovering security bugs of software based on AOE Network

AU - Ren, Jiadong

AU - Hu, Changzhen

AU - Wang, Kunsheng

AU - Ma, Ruiqing

PY - 2009/12

Y1 - 2009/12

N2 - The existing methods for discovering security bugs all focus on one or twocategories of security properties each. Moreover, the false positive rates ofthe existing methods are all high. In this paper, we present a new approach forfinding hugs based on AOE networks. This method models the security propertiesusing FSA and the security hugs to he verified as AOE networks. First, themethod identifies whether the security-relevant operations violate securityproperties. Then, the method continues to check if those security-relevantoperations violating security properties obey bug properties described by AOEnetworks, and the security-relevant operations obeying bug properties are viewedas the real bug operations. Experimental analysis shows that our method has alower false positive rate and can check several security properties at once.ICIC International

AB - The existing methods for discovering security bugs all focus on one or twocategories of security properties each. Moreover, the false positive rates ofthe existing methods are all high. In this paper, we present a new approach forfinding hugs based on AOE networks. This method models the security propertiesusing FSA and the security hugs to he verified as AOE networks. First, themethod identifies whether the security-relevant operations violate securityproperties. Then, the method continues to check if those security-relevantoperations violating security properties obey bug properties described by AOEnetworks, and the security-relevant operations obeying bug properties are viewedas the real bug operations. Experimental analysis shows that our method has alower false positive rate and can check several security properties at once.ICIC International

KW - AOE network

KW - Model checking

KW - Security bug

KW - Security property

UR - http://www.scopus.com/inward/record.url?scp=77953881927&partnerID=8YFLogxK

M3 - Article

AN - SCOPUS:77953881927

SN - 1881-803X

VL - 3

SP - 1081

EP - 1086

JO - ICIC Express Letters

JF - ICIC Express Letters

IS - 4

ER -

A method for discovering security bugs of software based on AOE Network

Abstract

Keywords

Other files and links

Fingerprint

Cite this