Affiliation : PA Division, Fasoo.com R&D Center, Seoul
Country : Korea
Category : Computer Science & Information Technology
Volume, Issue, Month, Year : 7, 8, June, 2017
Abstract
The goal of this paper is to present an efficient and effective path-sensitive
analysis technique for many types of security vulnerabilities. We propose two
analysis techniques. The first is a scalable path-sensitive analysis technique
for security vulnerabilities with high precision and recall. Our strategies are
to allow flexible design of the path state and to build an effective path navigation
heuristic that achieves both scalability and high recall. Experimental results
show that a vulnerability scanner implemented with this technique achieves
100% precision and 93% recall on the OWASP Benchmark. The vulnerability scanner is
able to analyze 1 million lines of code. The second is a pre-analysis technique
that improves the efficiency of the first technique. The pre-analysis
technique improves path navigation by using an additional cheap analysis.
Despite the additional cost, experimental results show that the total analysis
time is reduced by a factor of 2.5. At the same time, the recall of the analysis is
improved by the pre-analysis technique.
Keyword : Secure coding, Security, Static analysis, Vulnerability scanner, Summary-based, Path-sensitive, Information flow Analysis, Pre-analysis
For More Details : https://airccj.org/CSCP/vol7/csit77003.pdf