A memory-related vulnerability detection approach based on vulnerability model with Petri Net

Bibliographic Details
Published in Journal of logical and algebraic methods in programming Vol. 132; p. 100859
Main Authors Chen, Jinfu, Zhang, Chi, Cai, Saihua, Zhang, Lin, Ma, Liang
Format Journal Article
Language English
Published Elsevier Inc 01.04.2023
Abstract With the continuous development of information technology, software vulnerabilities have become a critical threat to information security. Post-release detection of memory leaks, double free and use after free is one of the most challenging research problems in software vulnerability analysis. To tackle this challenge, we introduce a vulnerability model based on Petri Net. We consider the characteristics and causes of vulnerabilities; modeling is conducted from the subject and environment of vulnerabilities. Based on this vulnerability model, we propose a memory-related vulnerability detection framework based on vulnerability model (MRVD-VM) and its vulnerability detection algorithm based on vulnerability model (VDA-VM). The results of experiments on Juliet Test Suite 1.2 for C_CPP show that MRVD-VM significantly outperforms three state-of-the-art baseline tools, including Cppcheck, Flawfinder, and Splint, in detecting memory leaks, double free and use after free.
• We propose a vulnerability model based on Petri Net.
• We propose a vulnerability detection framework based on the proposed vulnerability model.
• Compared with three detection tools, our approach is better.
ArticleNumber 100859
Author Ma, Liang
Zhang, Chi
Zhang, Lin
Cai, Saihua
Chen, Jinfu
Author_xml – sequence: 1
  givenname: Jinfu
  surname: Chen
  fullname: Chen, Jinfu
  organization: School of Computer Science and Communication Engineering, Jiangsu University, Zhenjiang 212013, China
– sequence: 2
  givenname: Chi
  surname: Zhang
  fullname: Zhang, Chi
  organization: School of Computer Science and Communication Engineering, Jiangsu University, Zhenjiang 212013, China
– sequence: 3
  givenname: Saihua
  orcidid: 0000-0003-0743-1156
  surname: Cai
  fullname: Cai, Saihua
  email: caisaih@ujs.edu.cn
  organization: School of Computer Science and Communication Engineering, Jiangsu University, Zhenjiang 212013, China
– sequence: 4
  givenname: Lin
  surname: Zhang
  fullname: Zhang, Lin
  organization: School of Computer Science and Communication Engineering, Jiangsu University, Zhenjiang 212013, China
– sequence: 5
  givenname: Liang
  surname: Ma
  fullname: Ma, Liang
  organization: School of Computer Science and Communication Engineering, Jiangsu University, Zhenjiang 212013, China
ContentType Journal Article
Copyright 2023 Elsevier Inc.
Copyright_xml – notice: 2023 Elsevier Inc.
DBID AAYXX
CITATION
DOI 10.1016/j.jlamp.2023.100859
DatabaseName CrossRef
DatabaseTitle CrossRef
DatabaseTitleList
DeliveryMethod fulltext_linktorsrc
Discipline Computer Science
ExternalDocumentID 10_1016_j_jlamp_2023_100859
S2352220823000135
ISSN 2352-2208
IngestDate Tue Jul 01 00:37:50 EDT 2025
Fri Feb 23 02:38:53 EST 2024
IsPeerReviewed true
IsScholarly true
Keywords Vulnerability model
Use after free
Double free
Memory leak
Vulnerability detection
Language English
ORCID 0000-0003-0743-1156
PublicationCentury 2000
PublicationDate April 2023
2023-04-00
PublicationDateYYYYMMDD 2023-04-01
PublicationDate_xml – month: 04
  year: 2023
  text: April 2023
PublicationDecade 2020
PublicationTitle Journal of logical and algebraic methods in programming
PublicationYear 2023
Publisher Elsevier Inc
Publisher_xml – name: Elsevier Inc
URI https://dx.doi.org/10.1016/j.jlamp.2023.100859
Volume 132