Sciweavers

DSN
2008
IEEE

Convicting exploitable software vulnerabilities: An efficient input provenance based approach

13 years 5 months ago
Convicting exploitable software vulnerabilities: An efficient input provenance based approach
Software vulnerabilities are the root cause of a wide range of attacks. Existing vulnerability scanning tools are able to produce a set of suspects. However, they often suffer from a high false positive rate. Convicting a suspect and vindicating false positives are mostly a highly demanding manual process, requiring a certain level of understanding of the software. This limitation significantly thwarts the application of these tools by system administrators or regular users who are concerned about security but lack of understanding of, or even access to, the source code. It is often the case that even developers are reluctant to inspect/fix these numerous suspects unless they are convicted by evidence. In this paper, we propose a lightweight dynamic approach which generates evidence for various security vulnerabilities in software, with the goal of relieving the manual procedure. It is based on data lineage tracing, a technique that associates each execution point precisely with a set...
Zhiqiang Lin, Xiangyu Zhang, Dongyan Xu
Added 19 Oct 2010
Updated 19 Oct 2010
Type Conference
Year 2008
Where DSN
Authors Zhiqiang Lin, Xiangyu Zhang, Dongyan Xu
Comments (0)