Ontology model-based static analysis of security vulnerabilities

Authors:
Lian Yu;Shi-Zhong Wu;Tao Guo;Guo-Wei Dong;Cheng-Cheng Wan;Yin-Hang Jing
Affiliations:
School of Software and Microelectronics, Peking University, Beijing, China;China Information Technology Security Evaluation Center, Beijing, China;China Information Technology Security Evaluation Center, Beijing, China;China Information Technology Security Evaluation Center, Beijing, China;School of Software and Microelectronics, Peking University, Beijing, China;School of Software and Microelectronics, Peking University, Beijing, China
Venue:
ICICS'11 Proceedings of the 13th international conference on Information and communications security
Year:
2011

Citing 13
Cited 0

The program dependence graph and its use in optimization

ACM Transactions on Programming Languages and Systems (TOPLAS)
Pointer-induced aliasing: a problem classification

POPL '91 Proceedings of the 18th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Efficiently computing static single assignment form and the control dependence graph

ACM Transactions on Programming Languages and Systems (TOPLAS)
Value dependence graphs: representation without taxation

POPL '94 Proceedings of the 21st ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Generating Robust Parsers using Island Grammars

WCRE '01 Proceedings of the Eighth Working Conference on Reverse Engineering (WCRE'01)
Structure-preserving binary relations for program abstraction

The essence of computation
Program slices: formal, psychological, and practical investigations of an automatic program abstraction method

Program slices: formal, psychological, and practical investigations of an automatic program abstraction method
Dynamic Data Structure Analysis for Java Programs

ICPC '06 Proceedings of the 14th IEEE International Conference on Program Comprehension
Source Code Analysis: A Road Map

FOSE '07 2007 Future of Software Engineering
Towards dynamic interprocedural analysis in JVMs

VM'04 Proceedings of the 3rd conference on Virtual Machine Research And Technology Symposium - Volume 3
Ontology Model-Based Static Analysis on Java Programs

COMPSAC '08 Proceedings of the 2008 32nd Annual IEEE International Computer Software and Applications Conference
FLAVERS: a finite state verification technique for software systems

IBM Systems Journal
Dimensions of precision in reference analysis of object-oriented programming languages

CC'03 Proceedings of the 12th international conference on Compiler construction

Quantified Score

Hi-index	0.00

Visualization

Abstract

Static analysis technologies and tools have been widely adopted in detecting software bugs and vulnerabilities. However, traditional approaches have their limitations on extensibility and reusability due to their methodologies, and are unsuitable to describe subtle vulnerabilities under complex and unaccountable contexts. This paper proposes an approach of static analysis based on ontology model enhanced by program slicing technology for detecting software vulnerabilities. We use Ontology Web Language (OWL) to model the source code and Semantic Web Rule Language (SWRL) to describe the bug and vulnerability patterns. Program slicing criteria can be automatically extracted from the SWRL rules and adopted to slice the source code. A prototype of security vulnerability detection (SVD) tool is developed to show the validity of the proposed approach.