- About 41 pages
- Published 2016-04-09, Hubei
* Vulnerability Identification
  - Identify violations of the security specification and verify the software's security properties.
  - Security Specification
  - Test cases

* Vulnerability Identification—Static Analysis
  - Static analysis checks for violations of the security specification from the program text.
  - Comprehensive: covers the entire code.
  - Lightweight: test cases are not required, and there is no need to guess or interpret the software's behavior.

* Vulnerability Identification—Static Analysis
  Examples of static analysis tools:
  - FindBugs (Java)
  - PMD (Java)
  - FxCop (.NET)
  - XSSDetect (.NET)

* Vulnerability Identification—Static Analysis
  Limitations:
  - Difficult to reason about values with sufficient precision (concrete value of an index or size of an object, heap layout, pointers).
  - Will not find issues related to operational environments.
  - Tends to generate false positives and false negatives.

* Vulnerability Identification—Run-time Detection
  - No requirement to have access to source code.
  - Run-time detection can check deeper properties of the software, such as infrastructure, configuration and path errors.

* Vulnerability Identification—Run-time Detection
  - Debugging—VC++, gcc
  - Dynamic Instrumentation—Valgrind
  - Whole-system emulation—BitBlaze, BAP

* Contents
  1. Software Vulnerability
  2. Security Specification
  3. Test Case Generation
  4. Vulnerability Identification
  5. Our Work

* Environment-Sensitive Vulnerability Detection
  - An environment-sensitive vulnerability is a mismatch between the assumptions made during development about the execution environment of the software and the environment in which the program actually executes.
  - Year 2000 problem: the practice of representing the year with two digits becomes problematic, with logical errors arising upon rollover from x99 to x00.

* Environment-Sensitive Vulnerability Detection
  Environment-Sensitive Variable Propagation analysis:
  - Record a detailed and concrete execution trace
  - Infer environment-sensitive variables from static analysis on the execution trace
  - Use taint analy
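
The Year 2000 mismatch from the environment-sensitive vulnerability slide, as an added example that is not part of the slides: an expiry check written under the two-digit-year assumption beside a four-digit version, plus a sweep over the current year that finds the first value where the two disagree. All function names, the pivot value 70 and the sample years are assumptions made for illustration.

```c
#include <stdio.h>

/* Development-time assumption: the year fits in two digits and only grows. */
static int expired_two_digit(int now_yy, int expiry_yy) {
    return now_yy > expiry_yy;
}

/* Same check with the full year, so no rollover is possible. */
static int expired_four_digit(int now_yyyy, int expiry_yyyy) {
    return now_yyyy > expiry_yyyy;
}

/* Expand a stored two-digit year with a fixed pivot window.
   The pivot is an assumption: pivot 70 maps 70..99 to 19xx, 00..69 to 20xx. */
static int expand_year(int yy, int pivot) {
    if (yy < 0 || yy > 99) return -1;   /* reject values outside the format */
    return (yy >= pivot ? 1900 : 2000) + yy;
}

/* 1 when the two-digit logic disagrees with the four-digit logic. */
static int mismatch(int now_yyyy, int expiry_yyyy) {
    return expired_two_digit(now_yyyy % 100, expiry_yyyy % 100)
        != expired_four_digit(now_yyyy, expiry_yyyy);
}

/* Sweep the environment variable (current year) and return the first
   year in [from, to] where the assumption breaks, or -1 if none. */
static int first_mismatch_year(int expiry_yyyy, int from, int to) {
    for (int y = from; y <= to; y++)
        if (mismatch(y, expiry_yyyy)) return y;
    return -1;
}

int main(void) {
    int expiry = 1999;   /* constructed sample value */
    printf("two-digit check in year 00: expired=%d\n", expired_two_digit(0, 99));
    printf("four-digit check in 2000:   expired=%d\n",
           expired_four_digit(expand_year(0, 70), expand_year(99, 70)));
    printf("first year the assumption breaks: %d\n",
           first_mismatch_year(expiry, 1990, 2010));
    return 0;
}
```

The sweep treats the current year as the environment-sensitive input: the code is unchanged across the run, and only the environment value decides whether the check is correct.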