Detecting violations of security requirements for vulnerability discovery in source code


Abstract

Finding software vulnerabilities in source code before the program is deployed is crucial to ensuring software quality. Existing source code auditing tools for vulnerability detection generate too many false positives, and only limited types of vulnerability can be detected automatically. In this paper, we propose an extendable mechanism to reveal vulnerabilities in source code with few false positives by specifying security requirements and detecting requirement violations at potentially vulnerable sinks. The experimental results show that the proposed mechanism can detect vulnerabilities with zero false positives and indicate the extendability of the mechanism to cover more types of vulnerabilities.

Li, H., Oh, J., & Lee, H. (2016). Detecting violations of security requirements for vulnerability discovery in source code. IEICE Transactions on Information and Systems, E99D(9), 2385–2389. https://doi.org/10.1587/transinf.2016EDL8035
