
A Coverage and Slicing Dependencies Analysis for Seeking Software Security Defects

Software security defects have a serious impact on software quality and reliability. Security flaws in a software system are a major hidden danger to its operation. As the scale of the software increases, its vulnerabilities become much more difficult to find...


Bibliographic Details
Main authors: He, Hui; Zhang, Dongyan; Liu, Min; Zhang, Weizhe; Gao, Dongmin
Format: Online Article Text
Language: English
Published: Hindawi Publishing Corporation 2014
Subjects:
Online access: https://www.ncbi.nlm.nih.gov/pmc/articles/PMC3996880/
https://www.ncbi.nlm.nih.gov/pubmed/24982957
http://dx.doi.org/10.1155/2014/463912
author He, Hui
Zhang, Dongyan
Liu, Min
Zhang, Weizhe
Gao, Dongmin
collection PubMed
description Software security defects have a serious impact on software quality and reliability. Security flaws in a software system are a major hidden danger to its operation. As the scale of the software increases, its vulnerabilities become much more difficult to find. Once these vulnerabilities are exploited, great loss may result. In this situation, the concept of Software Assurance is carried out by some experts, and the automated fault localization technique is a part of the research on Software Assurance. Currently, automated fault localization methods include coverage-based fault localization (CBFL) and program slicing. Both methods have their own location advantages and defects. In this paper, we put forward a new method, named Reverse Data Dependence Analysis Model, which integrates the two methods by analyzing the program structure. On this basis, we finally proposed a new automated fault localization method. This method is not only automation lossless but also changes the basic location unit into a single sentence, which makes the location effect more accurate. Through several experiments, we proved that our method is more effective. Furthermore, we analyzed the effectiveness among these existing methods and different faults.
format Online
Article
Text
id pubmed-3996880
institution National Center for Biotechnology Information
language English
publishDate 2014
publisher Hindawi Publishing Corporation
record_format MEDLINE/PubMed
spelling pubmed-3996880 2014-06-30 ScientificWorldJournal Research Article Hindawi Publishing Corporation 2014 2014-04-02 /pmc/articles/PMC3996880/ /pubmed/24982957 http://dx.doi.org/10.1155/2014/463912 Text en Copyright © 2014 Hui He et al. https://creativecommons.org/licenses/by/3.0/ This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
title A Coverage and Slicing Dependencies Analysis for Seeking Software Security Defects
topic Research Article