A formalization-based vulnerability detection method for cross-subject network components

Bibliographic Details
Published in IEEE ... International Conference on Trust, Security and Privacy in Computing and Communications (Online) pp. 1054 - 1059
Main Authors Chen, Jinfu, Xie, Haodi, Cai, Saihua, Geng, Ye, Yin, Yemin, Zhang, Zikang
Format Conference Proceeding
Language English
Published IEEE 01.12.2022
Summary: With the rapid development of computer technology, cross-subject network components (CSNC) are widely used in software. However, the existence of vulnerabilities in CSNC may seriously affect the security of software, which attracts the attention of software testers. This paper proposes a formal-based vulnerability detection method called FVDM for CSNC to detect the security vulnerabilities and defects in the logic of components. The proposed FVDM first selects the singleton as the medium of abstract computation and uses a formal description language to construct a vulnerability propagation model; then, FVDM classifies vulnerabilities into explicit and implicit vulnerabilities by analyzing the types of vulnerabilities, and designs a vulnerability detection algorithm for explicit vulnerabilities and implicit vulnerabilities respectively. The experimental results on several COM (Component Object Model) components show that the proposed FVDM can detect buffer overflow as well as illegal access vulnerabilities in the components.
ISSN:2324-9013
DOI:10.1109/TrustCom56396.2022.00144