Authors: Zhongxu Yin, Yiran Song, Huiqin Chen, Yan Cao
Affiliations: [1] State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou, 450001, China; [2] Henan University of Animal Husbandry & Economy, Zhengzhou, 450046, China; [3] University of Michigan Transportation Research Institute, Michigan, 48109-2150, USA; [4] Zhengzhou University, Zhengzhou, 450001, China
Source: Computers, Materials & Continua, 2020, Issue 5, pp. 1013-1029, 17 pages (English-language journal)
Funding: This work was supported by the National Key R&D Program of China (Grant No. 2016QY07X1404); the Zhejiang Provincial Natural Science Foundation of China (Grant No. LY19E050012); the Humanities and Social Sciences project of the Ministry of Education of China (Grant No. 19YJCZH005).
Abstract: Security-sensitive functions are the basis for building a taint-style vulnerability model. Current approaches for extracting security-sensitive functions either do not analyze data flow accurately or do not conduct pattern analysis of conditions, resulting in a higher false positive rate or false negative rate, which increases the manual confirmation workload. In this paper, we propose a security-sensitive function mining approach based on precondition pattern analysis. First, we propose an enhanced system dependency graph analysis algorithm for precisely extracting the conditional statements that check the function parameters and for conducting statistical analysis of the conditional statements to select candidate security-sensitive functions of the target program. Then we adopt a precondition pattern mining method based on normalizing and clustering conditional statements. Functions with fixed precondition patterns are regarded as security-sensitive functions. The experimental results on four popular open-source codebases of different scales show that the proposed approach is effective in reducing the false positive rate and false negative rate for detecting security-sensitive functions.
Keywords: code mining; security-sensitive function; function preconditions; single-linkage clustering
Classification: TP3 [Automation and Computer Technology: Computer Science and Technology]