Towards integration of syntactic and semantic vulnerability patterns
Akhter, Lal, Khan, Muhammad Taimoor ORCID: https://orcid.org/0000-0002-5752-6420, Loukas, George ORCID: https://orcid.org/0000-0003-3559-5182 and Sakellari, Georgia ORCID: https://orcid.org/0000-0001-7238-8700 (2024) Towards integration of syntactic and semantic vulnerability patterns. In: 2024 IEEE 21st International Conference on Software Architecture Companion (ICSA-C) DOI: 10.1109/ICSA-C63560.2024, 4th - 8th June 2024. IEEE Xplore. Institute of Electrical and Electronics Engineers (IEEE), Piscataway, New Jersey, pp. 260-264. ISBN 979-8350366259; 979-850366266 ISSN 2768-4288 (Print), 2768-427X (Online) (doi:10.1109/ICSA-C63560.2024.00054)
PDF (Author's Accepted Manuscript): 49340 KHAN_Towards_Integration_Of_Syntactic_And_Semantic_Vulnerability_Patterns_(AAM)_2024.pdf - Accepted Version (474kB)
Abstract
This paper advances the field of software security by proposing an integrated approach for analysing both syntactic and semantic vulnerability patterns. Utilising a detailed vulnerability and attack library alongside a verification tool for language-neutral threat assessment, this study enhances the detection and mitigation of security threats in diverse programming environments. The research builds upon and refines previous work by employing Structured Threat Information eXpression (STIX) objects and XPath for syntactic analysis, and introduces advanced semantic error detection techniques. A specialised tool, developed and demonstrated previously to model vulnerability patterns from the MITRE database for comprehensive analysis and to demonstrate the practical application of this research, is now enhanced with new features. This paper outlines the enhancements in the integrated analysis tool and shows its current features for detecting semantic vulnerability patterns using Infer. It also gives details of future development plans, namely the development of a web version aimed at increasing accessibility and utility. Highlighting the significance of a holistic vulnerability analysis approach, the research underscores the potential for future applications in securing open-source projects and broader software development practices.
Field | Value
---|---
Item Type: | Conference Proceedings
Title of Proceedings: | 2024 IEEE 21st International Conference on Software Architecture Companion (ICSA-C) DOI: 10.1109/ICSA-C63560.2024, 4th - 8th June 2024
Uncontrolled Keywords: | model-based security, vulnerability detection, syntactic patterns, semantic patterns
Subjects: | Q Science > Q Science (General); Q Science > QA Mathematics; Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Faculty / School / Research Centre / Research Group: | Faculty of Engineering & Science; Faculty of Engineering & Science > School of Computing & Mathematical Sciences (CMS)
Last Modified: | 13 Jan 2025 16:48
URI: | http://gala.gre.ac.uk/id/eprint/49340