Abstract

After analyzing common attacks on software systems, a dynamic software behavior verification model for unchecked input data, based on software analysis and dynamic slicing technology, is proposed. Taking the statement as the basic unit of analysis and information flow as the main behavior of the software, the direction of each statement's information flow is defined as its behavior specification, and the information flow verification problem is converted into verifying the validity of the addresses of assigned variables. During execution, the behavior of statements that use untrusted variables is monitored to verify whether the address modified by each statement belongs to the specification. If it is consistent with the specification, execution of the statement is permitted. Based on the proposed behavior model, a method for extracting the behavior specification was researched and a method of dynamic verification was designed. In order to prove for efficiency...
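The check described in the abstract, as an added example that is not code from the paper: one writing statement, `buf[idx] = val` with an unchecked `idx`, is executed only if the address it would modify lies inside that statement's specification. The `write_spec` structure, the `state` layout and the function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Behavior specification of one writing statement: the address range it
 * is expected to modify (hypothetical representation, not the paper's). */
struct write_spec { uintptr_t base; size_t len; };

/* Constructed program state: is_admin lies directly after buf. */
struct state { char buf[8]; int is_admin; };

/* Return 1 if the n bytes starting at target lie inside the specification. */
static int spec_permits(const struct write_spec *s, uintptr_t target, size_t n)
{
    if (target < s->base)
        return 0;
    size_t off = (size_t)(target - s->base);
    return off <= s->len && n <= s->len - off;
}

/* Monitored form of the statement "buf[idx] = val", where idx is unchecked
 * input. Returns 1 if the write was executed, 0 if it was blocked. */
int monitored_store(struct state *st, size_t idx, char val)
{
    struct write_spec spec = { (uintptr_t)st->buf, sizeof st->buf };
    /* Integer arithmetic, so a huge idx wraps instead of forming a bad pointer. */
    uintptr_t target = spec.base + idx;
    if (!spec_permits(&spec, target, 1))
        return 0;
    *(char *)target = val;
    return 1;
}

int main(void)
{
    struct state st;
    memset(&st, 0, sizeof st);
    printf("idx 3: %d\n", monitored_store(&st, 3, 'A'));
    printf("idx %zu (is_admin): %d\n", offsetof(struct state, is_admin),
           monitored_store(&st, offsetof(struct state, is_admin), 1));
    printf("is_admin = %d\n", st.is_admin);
    return 0;
}
```
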

Highlights

  • Software's behavior may be violated when an existing vulnerability is triggered by attackers

  • To ensure that software behaves as expected, the goal of this paper is to construct a software behavior model related to unchecked input data for identifying and tracking insecure information flows, based on software analysis and dynamic slicing technology

  • The contributions of this paper are as follows: (1) Constructing a software behavior model related to unchecked input data by combining software dynamic slicing technology with a complementary static analysis, which prevents attacks by monitoring the flow of sensitive information while the program executes

Summary

Introduction

Software's behavior may be violated when an existing vulnerability is triggered by attackers. When malicious users exploit software security vulnerabilities to conduct an attack, an abnormal information flow might occur, making the information flow of a variable or address space inconsistent with its expected use. To ensure that software behaves as expected, the goal of this paper is to construct a software behavior model related to unchecked input data for identifying and tracking insecure information flows, based on software analysis and dynamic slicing technology. The contributions of this paper are as follows: (1) Constructing a software behavior model related to unchecked input data by combining software dynamic slicing technology with a complementary static analysis, which prevents attacks by monitoring the flow of sensitive information while the program executes.

Related works
Description of expected behavior model
Some Definitions
Extraction model of the concerned statement
Extraction Assigned Variables
Extract the assigned variable identifier
Determine the scope of a variable
Pointer analysis
Model optimization
Variable address convention
Writing statement and its convention
The dynamic verification
Maintenance for expected data
Address Verification
Analysis and Tests
Conclusion and future works