Automatic Detection of Safety and Security Vulnerabilities in Open Source Software
Authors
Abstract
Automatic Detection of Safety and Security Vulnerabilities in Open Source Software. Syrine Tlili, Ph.D., Concordia University, 2009.

Growing software quality requirements have raised the stakes on software safety and security. Building secure software focuses on techniques and methodologies of design and implementation in order to avoid exploitable vulnerabilities. Unfortunately, coding errors have become common with the inexorable growth in software size and complexity. According to the US National Institute of Standards and Technology (NIST), these coding errors lead to vulnerabilities that cost the US economy $60 billion each year. Therefore, tracking security and safety errors is considered a fundamental cornerstone of delivering software that is free from severe vulnerabilities. The main objective of this thesis is the elaboration of efficient, rigorous, and practical techniques for the safety and security evaluation of source code. To tackle safety errors related to the misuse of type and memory operations, we present a novel type and
Similar resources
Automatic Detection of Vulnerabilities in Web Applications using Fuzzing
Automatic detection of vulnerabilities is a problem studied in literature and a very important concern in application development with security requirements. Fuzzing is a software testing technique, automated or semi-automated, that involves injecting a massive quantity of semi-random inputs in software in order to find security vulnerabilities. Many vulnerability detection techniques need manu...
Full text
An Empirical Analysis of Exploitation Attempts Based on Vulnerabilities in Open Source Software
For open source software, security attention frequently focuses on the discovery of vulnerabilities prior to release. The large number of diverse people who view the source code may find vulnerabilities before the software product is released. Therefore, open source software has the potential to be more secure than closed source software. Unfortunately, for vulnerabilities found after release, t...
Full text
Fighting Security Bugs in the Linux Kernel
This article outlines possibilities of automatic finding of security vulnerabilities in the source code of the Linux kernel. In the first part we will describe (some of) the possible vulnerable constructs (based on observations of security vulnerabilities having been fixed in the kernel in the past) and describe how they could be exploited to gain elevated privileges on the system. The second p...
Full text
A Hybrid Framework for the Systematic Detection of Software Security Vulnerabilities in Source Code
A Hybrid Framework for the Systematic Detection of Software Security Vulnerabilities in Source Code Aiman Hanna, Ph.D. Concordia University, 2012 In this thesis, we address the problem of detecting vulnerabilities in software where the source code is available, such as free-and-open-source software. In this, we rely on the use of security testing. Either static or dynamic analysis can be used f...
Full text
Open-source Security Software Security for Open-source Systems
Some people have claimed that open-source software is intrinsically more secure than closed source, 1 and others have claimed that it's not. 2 Neither case is absolutely true: they are essentially flip sides of the same coin. Open source gives both attackers and defenders greater analytic power to do something about software vulnerabilities. If the defender does nothing about security, though,...
Full text