A formalization-based vulnerability detection method for cross-subject network components
With the rapid development of computer technology, the cross-subject network components (CSNC) is widely used in software. However, the existing of vulnerabilities in CSNC may seriously affect the security of software, which attracts the attention of software tester. This paper proposes a formal-bas...
Saved in:
| Published in | IEEE ... International Conference on Trust, Security and Privacy in Computing and Communications (Online) pp. 1054 - 1059 |
|---|---|
| Main Authors | , , , , , |
| Format | Conference Proceeding |
| Language | English |
| Published |
IEEE
01.12.2022
|
| Subjects | |
| Online Access | Get full text |
Cover
Loading…
| Abstract | With the rapid development of computer technology, the cross-subject network components (CSNC) is widely used in software. However, the existing of vulnerabilities in CSNC may seriously affect the security of software, which attracts the attention of software tester. This paper proposes a formal-based vulnerability detection method called FVDM for CSNC to detect the security vulnerabilities and defects in the logic of components. The proposed FVDM firstly selects the singleton as the medium of abstract computation as well as uses the formal description language to construct a vulnerability propagation model; And then, the FVDM classifies the vulnerabilities into explicit and implicit vulnerabilities through analyzing the types of vulnerabilities, thereby designing the vulnerability detection algorithm for explicit vulnerabilities and implicit vulnerabilities respectively. The experimental results on several COM (Component Object Model) components show that the proposed FVDM can detect the buffer overflow as well as illegal access vulnerabilities in the components. |
|---|---|
| AbstractList | With the rapid development of computer technology, the cross-subject network components (CSNC) is widely used in software. However, the existing of vulnerabilities in CSNC may seriously affect the security of software, which attracts the attention of software tester. This paper proposes a formal-based vulnerability detection method called FVDM for CSNC to detect the security vulnerabilities and defects in the logic of components. The proposed FVDM firstly selects the singleton as the medium of abstract computation as well as uses the formal description language to construct a vulnerability propagation model; And then, the FVDM classifies the vulnerabilities into explicit and implicit vulnerabilities through analyzing the types of vulnerabilities, thereby designing the vulnerability detection algorithm for explicit vulnerabilities and implicit vulnerabilities respectively. The experimental results on several COM (Component Object Model) components show that the proposed FVDM can detect the buffer overflow as well as illegal access vulnerabilities in the components. |
| Author | Geng, Ye Yin, Yemin Xie, Haodi Cai, Saihua Zhang, Zikang Chen, Jinfu |
| Author_xml | – sequence: 1 givenname: Jinfu surname: Chen fullname: Chen, Jinfu organization: Jiangsu University,School of Computer Science and Communication Engineering,Zhenjiang,China,212013 – sequence: 2 givenname: Haodi surname: Xie fullname: Xie, Haodi organization: Jiangsu University,School of Computer Science and Communication Engineering,Zhenjiang,China,212013 – sequence: 3 givenname: Saihua surname: Cai fullname: Cai, Saihua email: caisaih@ujs.edu.cn organization: Jiangsu University,School of Computer Science and Communication Engineering,Zhenjiang,China,212013 – sequence: 4 givenname: Ye surname: Geng fullname: Geng, Ye organization: Jiangsu University,School of Computer Science and Communication Engineering,Zhenjiang,China,212013 – sequence: 5 givenname: Yemin surname: Yin fullname: Yin, Yemin organization: Jiangsu University,School of Computer Science and Communication Engineering,Zhenjiang,China,212013 – sequence: 6 givenname: Zikang surname: Zhang fullname: Zhang, Zikang organization: Jiangsu University,School of Computer Science and Communication Engineering,Zhenjiang,China,212013 |
| BookMark | eNotjr1OwzAURg0Cibb0DRj8Agn32o4bj1XFn1SJpQxMle3cCpckrmIXVJ6eVDB9w9H5dKbsqo89McYRSkQw95vhmPIqdpWWRpcChCgBUKkLNkWtK2WUqKpLNhFSqMIAyhs2T2kPAFKAwrqasPcl38Whs234sTnEvnA2UcO_jm1Pg3WhDfnEG8rkz5R3lD9ic1a4H2JKRTq6_ch4T_k7Dp_cx-4wRvY53bLrnW0Tzf93xt4eHzar52L9-vSyWq6LMDbkQltfG2-VwwVZU3slEIiQSKOWbjG2amWMEK7WWDsBJEAb50A23stGV3LG7v5-AxFtD0Po7HDa4uhJhVL-Ag-DWCc |
| CODEN | IEEPAD |
| ContentType | Conference Proceeding |
| DBID | 6IE 6IL CBEJK RIE RIL |
| DOI | 10.1109/TrustCom56396.2022.00144 |
| DatabaseName | IEEE Electronic Library (IEL) Conference Proceedings IEEE Xplore POP ALL IEEE Xplore All Conference Proceedings IEEE Electronic Library (IEL) IEEE Proceedings Order Plans (POP All) 1998-Present |
| DatabaseTitleList | |
| Database_xml | – sequence: 1 dbid: RIE name: IEEE Electronic Library (IEL) url: https://proxy.k.utb.cz/login?url=https://ieeexplore.ieee.org/ sourceTypes: Publisher |
| DeliveryMethod | fulltext_linktorsrc |
| Discipline | Computer Science |
| EISBN | 1665494255 9781665494250 |
| EISSN | 2324-9013 |
| EndPage | 1059 |
| ExternalDocumentID | 10063413 |
| Genre | orig-research |
| GrantInformation_xml | – fundername: China Postdoctoral Science Foundation funderid: 10.13039/501100002858 – fundername: National Natural Science Foundation of China funderid: 10.13039/501100001809 – fundername: Natural Science Foundation of Jiangsu Province funderid: 10.13039/501100004608 |
| GroupedDBID | 6IE 6IF 6IL 6IN AAWTH ABLEC ADZIZ ALMA_UNASSIGNED_HOLDINGS BEFXN BFFAM BGNUA BKEBE BPEOZ CBEJK CHZPO IEGSK OCL RIE RIL |
| ID | FETCH-LOGICAL-i204t-6ac89ca4b17ea98c4210ee1ee6163b7000649922b8618b20e2069bb03dcc3d653 |
| IEDL.DBID | RIE |
| IngestDate | Wed Aug 27 02:52:27 EDT 2025 |
| IsPeerReviewed | false |
| IsScholarly | false |
| Language | English |
| LinkModel | DirectLink |
| MergedId | FETCHMERGED-LOGICAL-i204t-6ac89ca4b17ea98c4210ee1ee6163b7000649922b8618b20e2069bb03dcc3d653 |
| PageCount | 6 |
| ParticipantIDs | ieee_primary_10063413 |
| PublicationCentury | 2000 |
| PublicationDate | 2022-Dec. |
| PublicationDateYYYYMMDD | 2022-12-01 |
| PublicationDate_xml | – month: 12 year: 2022 text: 2022-Dec. |
| PublicationDecade | 2020 |
| PublicationTitle | IEEE ... International Conference on Trust, Security and Privacy in Computing and Communications (Online) |
| PublicationTitleAbbrev | TRUSTCOM |
| PublicationYear | 2022 |
| Publisher | IEEE |
| Publisher_xml | – name: IEEE |
| SSID | ssj0003204185 |
| Score | 1.8176525 |
| Snippet | With the rapid development of computer technology, the cross-subject network components (CSNC) is widely used in software. However, the existing of... |
| SourceID | ieee |
| SourceType | Publisher |
| StartPage | 1054 |
| SubjectTerms | Analytical models Buffer overflows component testing Computational modeling cross-subject network components Formal languages formal verification Privacy Runtime Software vulnerability propagation |
| Title | A formalization-based vulnerability detection method for cross-subject network components |
| URI | https://ieeexplore.ieee.org/document/10063413 |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| link | http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwjV1NS8QwEA26J0_rR8VvcvCatR9J2h5FXBbBxcMurKelSaYgLl3RVtBf70zarigI3kqhNCRM38z0vTeMXZapKlOQqShsFAtZllZkJtKixE9hGWYpoiw19O-nejKXdwu16MTqXgsDAJ58BiO69P_y3do21CrDCEdAlTSjdhsrt1astWmoJHFIRiw9WyfMr2akWsCwUojCxEaIyZsTC4gfg1Q8joyHbNqvoKWPPI-a2ozs5y9zxn8vcZcF35I9_rABoz22BdU-G_YzG3gXwgfs8Zr7NHXV6S8FwZjj782K7Kc9U_aDO6g9Q6vi7YBpeoR7PBVvjaHODa9a-jgnSvq6IjZGwObj29nNRHTjFcQTblUtdGGz3BbSRCkUeWYlVn8AEYDGHM2kPlsh11qT6SgzcQhxqHNjwsRZmzitkkM2qPANR4wrYzBPjEDnKpbK2TxJQLrCRc5geqjlMQtoq5YvrYPGst-lkz_un7IdOq6WNnLGBvVrA-cI_rW58If-BUGGsEo |
| linkProvider | IEEE |
| linkToHtml | http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwzV09T8MwELVQGWAqH0V84wFGl8RxnGRgQEBVaKkYWgmmEtsXCVEFBAmo_Bf-Cr-Ns9MWgcSIxBZZiizn7HvPl3d3hOxnUZhFICKWap8zkWWaxcqXLENXmHlxhChrA_qXPdkeiIvr8HqOvM9yYQDAic-gaR_dv3zzoEsbKsMTjoCKXneioezA-BVvaM9H56dozgPOW2f9kzabNBFgd9wTBZOpjhOdCuVHkCaxFnjHAfABJDIRFTlMtrVZVSz9WHEPuCcTpbzAaB0YaZtCoIefR6IR8io9bBbCCXAChLupPshLDvs2TwIPcoi4b_UP3FYDxSvLt9YtDrladfIxXXMlWLlvloVq6rcf5SD_7UdZIo2vpER6NYPbZTIH-QqpT7tS0ImTWiU3x9QR8dEkw5RZoDb0pRzZAttOCzymBgqnQctp1ULbvkIdY2DPpbKxKZpXAnlqRfcPudWbNMjgT5a5Rmo5zrBOaKgUMmEfZBJyERqdBAEIkxrfKCTAUmyQhjXN8LGqETKcWmXzl_E9stDuX3aH3fNeZ4ss2q1SiWS2Sa14KmEHqU6hdt2Go-T2r435CQPbDCs |
| openUrl | ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=proceeding&rft.title=IEEE+...+International+Conference+on+Trust%2C+Security+and+Privacy+in+Computing+and+Communications+%28Online%29&rft.atitle=A+formalization-based+vulnerability+detection+method+for+cross-subject+network+components&rft.au=Chen%2C+Jinfu&rft.au=Xie%2C+Haodi&rft.au=Cai%2C+Saihua&rft.au=Geng%2C+Ye&rft.date=2022-12-01&rft.pub=IEEE&rft.eissn=2324-9013&rft.spage=1054&rft.epage=1059&rft_id=info:doi/10.1109%2FTrustCom56396.2022.00144&rft.externalDocID=10063413 |