Software Vulnerability Discovery Techniques: A Survey

Software vulnerabilities are the root cause of computer security problems. How to quickly discover the vulnerabilities present in a given piece of software has always been a central concern of the information security field. This paper surveys software vulnerability discovery techniques, including static analysis, fuzzing, and penetration testing. The authors also take vulnerability discovery models as an example of software vulnerability analysis methods, which go hand in hand with vulnerability discovery techniques. The final part of the paper analyses the advantages and disadvantages of each technique introduced here and discusses the future direction of this field.
