A Cross Language Code Security Audit Framework Based on Normalized Representation  

在线阅读下载全文

作  者:Yong Chen Chao Xu Jing Selena He Sheng Xiao 

机构地区:[1]School of Information Engineering,Nanjing Audit University,Nanjing,211815,China [2]Department of Computer Science,Kennesaw State University,Kennesaw,30144-5588,USA [3]Information Science and Engineering Department,Hunan First Normal University,Changsha,410205,China

出  处:《Journal of Quantum Computing》2022年第2期75-84,共10页量子计算杂志(英文)

基  金:This work was supported by the Universities Natural Science Research Project of Jiangsu Province under Grant 20KJB520026;the Natural Science Foundation of Jiangsu Province under Grant BK20180821.

摘  要:With the rapid development of information technology,audit objects and audit itself are more and more inseparable from software.As an important means of software security audit,code security audit will become an important aspect of future audit that cannot be ignored.However,the existing code security audit ismainly based on source code,which is difficult to meet the audit needs of more and more programming languages and binary commercial software.Based on the idea of normalized transformation,this paper constructs a cross language code security audit framework(CLCSA).CLCSA first uses compile/decompile technology to convert different highlevel programming languages and binary codes into normalized representation,and then usesmachine learning technology to build a cross language code security audit model based on normalized representation to evaluate code security and find out possible code security vulnerabilities.Finally,for the discovered vulnerabilities,the heuristic search strategy will be used to find the best repair scheme from the existing normalized representation sample library for automatic repair,which can improve the effectiveness of code security audit.CLCSA realizes the normalized code security audit of different types and levels of code,which provides a strong support for improving the breadth and depth of code security audit.

关 键 词:Code security audit NORMALIZATION cross language security vulnerabilities 

分 类 号:TP3[自动化与计算机技术—计算机科学与技术]

 

参考文献:

正在载入数据...

 

二级参考文献:

正在载入数据...

 

耦合文献:

正在载入数据...

 

引证文献:

正在载入数据...

 

二级引证文献:

正在载入数据...

 

同被引文献:

正在载入数据...

 

相关期刊文献:

正在载入数据...

相关的主题
相关的作者对象
相关的机构对象