An empirical study of the reliability of UNIX utilities
Communications of the ACM
Software fault injection: inoculating programs against errors
Software fault injection: inoculating programs against errors
Automatic predicate abstraction of C programs
Proceedings of the ACM SIGPLAN 2001 conference on Programming language design and implementation
The SLAM project: debugging system software via static analysis
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
MOPS: an infrastructure for examining security properties of software
Proceedings of the 9th ACM conference on Computer and communications security
Relative Completeness of Abstraction Refinement for Software Model Checking
TACAS '02 Proceedings of the 8th International Conference on Tools and Algorithms for the Construction and Analysis of Systems
Proceedings of the 11th USENIX Security Symposium
Automated Robustness Testing of Off-the-Shelf Software Components
FTCS '98 Proceedings of the The Twenty-Eighth Annual International Symposium on Fault-Tolerant Computing
Building dependable COTS microkernel-based systems using MAFALDA
PRDC '00 Proceedings of the 2000 Pacific Rim International Symposium on Dependable Computing
Comparing Operating Systems Using Robustness Benchmarks
SRDS '97 Proceedings of the 16th Symposium on Reliable Distributed Systems
Type qualifiers: lightweight specifications to improve software quality
Type qualifiers: lightweight specifications to improve software quality
Testing static analysis tools using exploitable buffer overflows from open source code
Proceedings of the 12th ACM SIGSOFT twelfth international symposium on Foundations of software engineering
Security assessment for application network services using fault injection
PAISI'07 Proceedings of the 2007 Pacific Asia conference on Intelligence and security informatics
A model for security vulnerability pattern
ICCSA'06 Proceedings of the 2006 international conference on Computational Science and Its Applications - Volume Part III
Hi-index | 0.00 |
For large scale and residual software like network service, reliability is a critical requirement. Recent research has shown that most of network software still contains a number of bugs. Methods for automated detection of bugs in software can be classified into static analysis based on formal verification and runtime checking based on fault injection. In this paper, a framework for checking software security vulnerability is proposed. The framework is based on automated bug detection technologies, i.e. static analysis and fault injection, which are complementary each other. The proposed framework provides a new direction, in which various kinds of software can be checked its vulnerability by making use of static analysis and fault injection technology. In experiment on proposed framework, we find unknown vulnerability as well as known vulnerability in Windows network module.