An analysis on secure coding using symbolic execution engine
DC Field | Value | Language |
---|---|---|
dc.contributor.author | Kim, Joon-Ho | - |
dc.contributor.author | Ma, Myung-Chul | - |
dc.contributor.author | Park, Jae-Pyo | - |
dc.date.available | 2018-05-09T02:27:16Z | - |
dc.date.created | 2018-04-17 | - |
dc.date.issued | 2016-08 | - |
dc.identifier.issn | 2274-2042 | - |
dc.identifier.uri | http://scholarworks.bwise.kr/ssu/handle/2018.sw.ssu/7551 | - |
dc.description.abstract | Business' dependency on a software or computer program is getting higher. In such an environment, eliminating security vulnerabilities have become increasingly important and difficult as programs are more complicated and have greater impacts on businesses. We analyzed the security vulnerabilities of code using a symbolic execution engine that tracks data which would kill or might make the program vulnerable. We also present smart fuzzing using the data from the symbolic execution engine, an effective software vulnerability-finding testing that automatically generates inputs that crash or penetrate the program. By using symbolic execution engine, we can produce the automatically-generated data that are strong against vulnerability issues. In the case when program verification tools fail to verify a program, either the program is buggy or the report is a false alarm. In this case, the burden is put on users in manually classifying the report, which is a time-consuming, error-prone task and it does not utilize facts already proven by the analysis. We present a new technique for assisting users in classifying error reports. Our technique computes small, relevant queries presented to a user, which capture exact information that the analysis misses to either discharge or validate the error. In this paper, a methodology proper to detecting the security vulnerability is suggested by engrafting the symbol-based engine into the secure coding. Also, its effect was verified through the security vulnerability inspection test using the suggested symbolic execution engine. A notion of symbolically executing the program has been presented, which is closely related to the normal notion of program execution. It offers the advantage that one symbolic execution may represent a large, usually infinite, class of normal executions. This can be used for great advantages in the program inspecting and debugging. | - |
dc.language | 영어 | - |
dc.language.iso | en | - |
dc.publisher | SPRINGER FRANCE | - |
dc.relation.isPartOf | JOURNAL IN COMPUTER VIROLOGY AND HACKING TECHNIQUES | - |
dc.title | An analysis on secure coding using symbolic execution engine | - |
dc.type | Article | - |
dc.identifier.doi | 10.1007/s11416-016-0263-5 | - |
dc.type.rims | ART | - |
dc.identifier.bibliographicCitation | JOURNAL IN COMPUTER VIROLOGY AND HACKING TECHNIQUES, v.12, no.3, pp.177 - 184 | - |
dc.description.journalClass | 1 | - |
dc.identifier.wosid | 000387079500009 | - |
dc.identifier.scopusid | 2-s2.0-84954517484 | - |
dc.citation.endPage | 184 | - |
dc.citation.number | 3 | - |
dc.citation.startPage | 177 | - |
dc.citation.title | JOURNAL IN COMPUTER VIROLOGY AND HACKING TECHNIQUES | - |
dc.citation.volume | 12 | - |
dc.contributor.affiliatedAuthor | Park, Jae-Pyo | - |
dc.type.docType | Article | - |
dc.description.isOpenAccess | N | - |
dc.description.journalRegisteredClass | scopus | - |
Items in ScholarWorks are protected by copyright, with all rights reserved, unless otherwise indicated.
Soongsil University Library 369 Sangdo-Ro, Dongjak-Gu, Seoul, Korea (06978)02-820-0733
COPYRIGHT ⓒ SOONGSIL UNIVERSITY, ALL RIGHTS RESERVED.
Certain data included herein are derived from the © Web of Science of Clarivate Analytics. All rights reserved.
You may not copy or re-distribute this material in whole or in part without the prior written consent of Clarivate Analytics.