DocumentCode
2351624
Title
Towards Security Vulnerability Detection by Source Code Model Checking
Author
Li, Keqin
Author_Institution
SAP Res., Sophia Antipolis, France
fYear
2010
fDate
6-10 April 2010
Firstpage
381
Lastpage
387
Abstract
Security in code level is an important aspect to achieve high quality software. Various security programming guidelines are defined to improve the quality of software code. At the same time, enforcing mechanisms of these guidelines are needed. In this paper, we use source code model checking technique to check whether some security programming guidelines are followed, and correspondingly to detect related security vulnerabilities. Two SAP security programming guidelines related to logging sensitive information and Cross-Site Scripting attack are used as examples. In the case studies, Bandera Tool Set is used as source code model checker, and minimizing programmers' additional effort is set as one of the goals.
Keywords
formal verification; security of data; software quality; Bandera tool set; SAP security programming guidelines; cross-site scripting attack; security vulnerability detection; software code quality; source code model checking; Application software; Electronic mail; Guidelines; Information security; Java; Programming profession; Software quality; Software testing; Specification languages; Time factors; model checking; security; source code analysis;
fLanguage
English
Publisher
ieee
Conference_Titel
Software Testing, Verification, and Validation Workshops (ICSTW), 2010 Third International Conference on
Conference_Location
Paris
Print_ISBN
978-1-4244-6773-0
Type
conf
DOI
10.1109/ICSTW.2010.23
Filename
5463672