A model for security vulnerability pattern

Hyungwoo Kang; Kibom Kim; Soonjwa Hong; Dong Hoon Lee

doi:10.1007/11751595_42

A model for security vulnerability pattern

Hyungwoo Kang, Kibom Kim, Soonjwa Hong, Dong Hoon Lee

School of Cybersecurity

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

2 Citations (Scopus)

Abstract

Static analysis technology is used to find programming errors before run time. Unlike dynamic analysis technique which looks at the application state while it is being executed, static analysis technique does not require the application to be executed. In this paper, we classify security vulnerability patterns in source code and design a model to express various security vulnerability patterns by making use of pushdown automata. On the basis of the model, it is possible to find a security vulnerability by making use of Abstract Syntax Tree (AST) based pattern matching technique in parsing level.-

Original language	English
Title of host publication	Computational Science and Its Applications - ICCSA 2006
Subtitle of host publication	International Conference, Proceedings - Part III
Publisher	Springer Verlag
Pages	385-394
Number of pages	10
ISBN (Print)	3540340750, 9783540340751
DOIs	https://doi.org/10.1007/11751595_42
Publication status	Published - 2006
Event	ICCSA 2006: International Conference on Computational Science and Its Applications - Glasgow, United Kingdom Duration: 2006 May 8 → 2006 May 11

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	3982 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Other

Other	ICCSA 2006: International Conference on Computational Science and Its Applications
Country/Territory	United Kingdom
City	Glasgow
Period	06/5/8 → 06/5/11

Keywords

Abstract Syntax Tree (AST)
Buffer overflow
Pushdown Automata (PDA)
Software security
Static analysis

ASJC Scopus subject areas

Theoretical Computer Science
Computer Science(all)

Access to Document

10.1007/11751595_42

Cite this

Kang, H., Kim, K., Hong, S., & Lee, D. H. (2006). A model for security vulnerability pattern. In Computational Science and Its Applications - ICCSA 2006: International Conference, Proceedings - Part III (pp. 385-394). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 3982 LNCS). Springer Verlag. https://doi.org/10.1007/11751595_42

A model for security vulnerability pattern. / Kang, Hyungwoo; Kim, Kibom; Hong, Soonjwa et al.
Computational Science and Its Applications - ICCSA 2006: International Conference, Proceedings - Part III. Springer Verlag, 2006. p. 385-394 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 3982 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Kang, H, Kim, K, Hong, S & Lee, DH 2006, A model for security vulnerability pattern. in Computational Science and Its Applications - ICCSA 2006: International Conference, Proceedings - Part III. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 3982 LNCS, Springer Verlag, pp. 385-394, ICCSA 2006: International Conference on Computational Science and Its Applications, Glasgow, United Kingdom, 06/5/8. https://doi.org/10.1007/11751595_42

Kang H, Kim K, Hong S, Lee DH. A model for security vulnerability pattern. In Computational Science and Its Applications - ICCSA 2006: International Conference, Proceedings - Part III. Springer Verlag. 2006. p. 385-394. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/11751595_42

Kang, Hyungwoo ; Kim, Kibom ; Hong, Soonjwa et al. / A model for security vulnerability pattern. Computational Science and Its Applications - ICCSA 2006: International Conference, Proceedings - Part III. Springer Verlag, 2006. pp. 385-394 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{1790810984c24dea89c422b7795b353b,

title = "A model for security vulnerability pattern",

abstract = "Static analysis technology is used to find programming errors before run time. Unlike dynamic analysis technique which looks at the application state while it is being executed, static analysis technique does not require the application to be executed. In this paper, we classify security vulnerability patterns in source code and design a model to express various security vulnerability patterns by making use of pushdown automata. On the basis of the model, it is possible to find a security vulnerability by making use of Abstract Syntax Tree (AST) based pattern matching technique in parsing level.-",

keywords = "Abstract Syntax Tree (AST), Buffer overflow, Pushdown Automata (PDA), Software security, Static analysis",

author = "Hyungwoo Kang and Kibom Kim and Soonjwa Hong and Lee, {Dong Hoon}",

year = "2006",

doi = "10.1007/11751595_42",

language = "English",

isbn = "3540340750",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "385--394",

booktitle = "Computational Science and Its Applications - ICCSA 2006",

note = "ICCSA 2006: International Conference on Computational Science and Its Applications ; Conference date: 08-05-2006 Through 11-05-2006",

}

TY - GEN

T1 - A model for security vulnerability pattern

AU - Kang, Hyungwoo

AU - Kim, Kibom

AU - Hong, Soonjwa

AU - Lee, Dong Hoon

PY - 2006

Y1 - 2006

N2 - Static analysis technology is used to find programming errors before run time. Unlike dynamic analysis technique which looks at the application state while it is being executed, static analysis technique does not require the application to be executed. In this paper, we classify security vulnerability patterns in source code and design a model to express various security vulnerability patterns by making use of pushdown automata. On the basis of the model, it is possible to find a security vulnerability by making use of Abstract Syntax Tree (AST) based pattern matching technique in parsing level.-

AB - Static analysis technology is used to find programming errors before run time. Unlike dynamic analysis technique which looks at the application state while it is being executed, static analysis technique does not require the application to be executed. In this paper, we classify security vulnerability patterns in source code and design a model to express various security vulnerability patterns by making use of pushdown automata. On the basis of the model, it is possible to find a security vulnerability by making use of Abstract Syntax Tree (AST) based pattern matching technique in parsing level.-

KW - Abstract Syntax Tree (AST)

KW - Buffer overflow

KW - Pushdown Automata (PDA)

KW - Software security

KW - Static analysis

UR - http://www.scopus.com/inward/record.url?scp=33745961730&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=33745961730&partnerID=8YFLogxK

U2 - 10.1007/11751595_42

DO - 10.1007/11751595_42

M3 - Conference contribution

AN - SCOPUS:33745961730

SN - 3540340750

SN - 9783540340751

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 385

EP - 394

BT - Computational Science and Its Applications - ICCSA 2006

PB - Springer Verlag

T2 - ICCSA 2006: International Conference on Computational Science and Its Applications

Y2 - 8 May 2006 through 11 May 2006

ER -

A model for security vulnerability pattern

Abstract

Publication series

Other

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this