TY - GEN
T1 - Security Vulnerabilities Detection Through Assertion-Based Approach
AU - Kissi, Salim Yahia
AU - Ameur-Boulifa, Rabéa
AU - Seladji, Yassamin
N1 - Publisher Copyright: © 2022, Springer Nature Switzerland AG.
PY - 2022/1/1
Y1 - 2022/1/1
AB - Organizations and companies develop very complex software today. Errors and flaws can be introduced at different phases of the software development life cycle and can lead to exploitable vulnerabilities. Furthermore, considering that most systems are exposed to multiple users and environments, such flaws can lead to attacks (or actions) with unpredictable consequences in terms of damage and costs. Most research that deals with security-related issues of software focuses its efforts on coding errors and flaws, regardless of the infrastructure and platforms that run the software applications. Often, such analyses of software application vulnerabilities may lack sufficient specification details, thus possibly missing larger systematic flaws, and consequently obscuring the existence of serious vulnerabilities. Our research aims at developing a technique capable of discovering security weaknesses, specifically buffer overflow vulnerabilities in C/C++ programs, through the analysis of source code combined with architecture specifications. The proposed approach relies on the notion of platform assertions, that is, a collection of logical relationships used to characterize a platform (execution environment). In this paper, we focus on such assertions and show how vulnerability analysis of software applications can be performed with our assertion-based approach. Furthermore, the generation of assertion specifications as well as the construction of an assertion library including various platforms are explored.
KW - Assertions
KW - Execution environment
KW - Formal analysis
KW - Vulnerabilities detection
UR - https://www.scopus.com/pages/publications/85135044417
U2 - 10.1007/978-3-031-10363-6_25
DO - 10.1007/978-3-031-10363-6_25
M3 - Conference contribution
AN - SCOPUS:85135044417
SN - 9783031103629
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 381
EP - 387
BT - Theoretical Aspects of Software Engineering - 16th International Symposium, TASE 2022, Proceedings
A2 - Aït-Ameur, Yamine
A2 - Crăciun, Florin
PB - Springer Science and Business Media Deutschland GmbH
T2 - 16th International Symposium on Theoretical Aspects of Software Engineering, TASE 2022
Y2 - 8 July 2022 through 10 July 2022
ER -