Vulnerability Localization Method Based on Software Structural Signature of Complex Network

Author

Fan Yang ; Huanguo Zhang

Author_Institution

Comput. Sch., Wuhan Univ., Wuhan, China

fYear

2013

fDate

26-28 Sept. 2013

Firstpage

188

Lastpage

192

Abstract

Software vulnerability localization is of great importance for vulnerability analysis as the basic step of vulnerability exploitation and vulnerability fix up. By viewing large-scale software as a complex network system, we present a new method of vulnerability localization. The software structure is depicted by system-level features of complex network. In this way, we generate structural signatures of the original and patched software respectively. By comparing the structural signatures and splitting the connexity group recursively, the vulnerability location can be localized. To speed up the comparison, backtracking is taken during the recursion. Results of the experiments show the effective localization capability of this method.

Keywords

backtracking; complex networks; digital signatures; software engineering; backtracking; complex network; complex network system; connexity group splitting; large-scale software; patched software; software structural signature; software vulnerability localization method; structural signatures; system-level features; vulnerability analysis; vulnerability exploitation; vulnerability fixup; Complex networks; Computers; Educational institutions; Flow graphs; Security; Software systems; Backtracking; Complex Network; Structural Signature; Vulnerability Localization;

fLanguage

English

Publisher

ieee

Conference_Titel

Embedded Multicore Socs (MCSoC), 2013 IEEE 7th International Symposium on

Conference_Location

Tokyo

Type

conf

DOI

10.1109/MCSoC.2013.37

Filename

6657928