Ontology Model-Based Static Analysis of Security Vulnerabilities | |
Yu, Lian ; Wu, Shi-Zhong ; Guo, Tao ; Dong, Guo-Wei ; Wan, Cheng-Cheng ; Jing, Yin-Hang | |
2011 | |
Keywords | Static analysis Program slicing Vulnerability ontology model Reasoning |
English abstract | Static analysis technologies and tools have been widely adopted in detecting software bugs and vulnerabilities. However, traditional approaches have their limitations on extensibility and reusability due to their methodologies, and are unsuitable to describe subtle vulnerabilities under complex and unaccountable contexts. This paper proposes an approach of static analysis based on ontology model enhanced by program slicing technology for detecting software vulnerabilities. We use Ontology Web Language (OWL) to model the source code and Semantic Web Rule Language (SWRL) to describe the bug and vulnerability patterns. Program slicing criteria can be automatically extracted from the SWRL rules and adopted to slice the source code. A prototype of security vulnerability detection (SVD) tool is developed to show the validity of the proposed approach.; http://gateway.webofknowledge.com/gateway/Gateway.cgi?GWVersion=2&SrcApp=PARTNER_APP&SrcAuth=LinksAMR&KeyUT=WOS:000306979000027&DestLinkType=FullRecord&DestApp=ALL_WOS&UsrCustomerID=8e1609b174ce4e31116a60747a720701 ; Computer Science, Information Systems; Computer Science, Theory & Methods; EI; CPCI-S(ISTP); 0 |
Language | English |
DOI | 10.1007/978-3-642-25243-3_27 |
Content type | Other |
Source URL | [http://ir.pku.edu.cn/handle/20.500.11897/325731] |
Collection | School of Software and Microelectronics |
Recommended citation (GB/T 7714) | Yu, Lian, Wu, Shi-Zhong, Guo, Tao, et al. Ontology Model-Based Static Analysis of Security Vulnerabilities. 2011-01-01. |