A method for discovering security bugs of software based on AOE Network

The existing methods for discovering security bugs all focus on one or twocategories of security properties each. Moreover, the false positive rates ofthe existing methods are all high. In this paper, we present a new approach forfinding hugs based on AOE networks. This method models the security propertiesusing FSA and the security hugs to he verified as AOE networks. First, themethod identifies whether the security-relevant operations violate securityproperties. Then, the method continues to check if those security-relevantoperations violating security properties obey bug properties described by AOEnetworks, and the security-relevant operations obeying bug properties are viewedas the real bug operations. Experimental analysis shows that our method has alower false positive rate and can check several security properties at once.ICIC International