This paper presents a technique for vulnerability detection in C programs. It is based on a formal vulnerability model called "Vulnerability Detection Conditions" (VDCs). This model is used together with passive testing techniques for the automatic detection of vulnerabilities. The proposed technique has been implemented in a dynamic code analysis tool, TestInv-Code, which detects the presence of vulnerabilities in given code by dynamically checking the VDCs on the execution traces of the program. The tool has been applied to several C applications containing some well-known vulnerabilities to illustrate its effectiveness. It has also been compared with existing tools on the market, showing promising performance.