Static analysis technologies and tools have been widely adopted for detecting software bugs and vulnerabilities. However, traditional approaches are limited in extensibility and reusability by their methodologies, and are unsuitable for describing subtle vulnerabilities in complex and unaccountable contexts. This paper proposes a static analysis approach based on an ontology model, enhanced by program slicing technology, for detecting software vulnerabilities. We use Ontology Web Language (OWL) to model the source code and Semantic Web Rule Language (SWRL) to describe the bug and vulnerability patterns. Program slicing criteria can be automatically extracted from the SWRL rules and used to slice the source code. A prototype security vulnerability detection (SVD) tool is developed to show the validity of the proposed approach.