A model for security vulnerability pattern

Hyungwoo Kang, Kibom Kim, Soonjwa Hong, Dong Hoon Lee

Research output: Chapter in Book/Report/Conference proceedingConference contribution

2 Citations (Scopus)


Static analysis technology is used to find programming errors before run time. Unlike dynamic analysis technique which looks at the application state while it is being executed, static analysis technique does not require the application to be executed. In this paper, we classify security vulnerability patterns in source code and design a model to express various security vulnerability patterns by making use of pushdown automata. On the basis of the model, it is possible to find a security vulnerability by making use of Abstract Syntax Tree (AST) based pattern matching technique in parsing level.-

Original languageEnglish
Title of host publicationComputational Science and Its Applications - ICCSA 2006
Subtitle of host publicationInternational Conference, Proceedings - Part III
PublisherSpringer Verlag
Number of pages10
ISBN (Print)3540340750, 9783540340751
Publication statusPublished - 2006
EventICCSA 2006: International Conference on Computational Science and Its Applications - Glasgow, United Kingdom
Duration: 2006 May 82006 May 11

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume3982 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


OtherICCSA 2006: International Conference on Computational Science and Its Applications
Country/TerritoryUnited Kingdom


  • Abstract Syntax Tree (AST)
  • Buffer overflow
  • Pushdown Automata (PDA)
  • Software security
  • Static analysis

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)


Dive into the research topics of 'A model for security vulnerability pattern'. Together they form a unique fingerprint.

Cite this