Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
DSN
2003
IEEE
2003
IEEE
A Data-Driven Finite State Machine Model for Analyzing Security Vulnerabilities
This paper combines an analysis of data on security vulnerabilities (published in Bugtraq database) and a focused source-code examination to develop a finite state machine (FSM) model to depict and reason about security vulnerabilities. An in-depth analysis of the vulnerability reports and the corresponding source code of the applications leads to three observations: (i) exploits must pass through multiple elementary activities, (ii) multiple vulnerable operations on several objects are involved in exploiting a vulnerability, and (iii) the vulnerability data and corresponding code inspections allow us to derive a predicate for each elementary activity. Each predicate is represented as a primitive FSM (pFSM). Multiple pFSMs are then combined to create an FSM model of vulnerable operations and possible exploits. The proposed FSM methodology is exemplified by analyzing several types of vulnerabilities reported in the data: stack buffer overflow, integer overflow, heap overflow, input val...
Real-time TrafficComputer Networks | DSN 2003 | Finite State Machine | Security Vulnerabilities | Vulnerable Operations |
| Added | 04 Jul 2010 |
| Updated | 04 Jul 2010 |
| Type | Conference |
| Year | 2003 |
| Where | DSN |
| Authors | Shuo Chen, Zbigniew Kalbarczyk, Jun Xu, Ravishankar K. Iyer |
Comments (0)
Researcher Info
|
