Alnaeli et al., 2017 - Google Patents
Source code vulnerabilities in IoT software systemsAlnaeli et al., 2017
View PDF- Document ID
- 11774785801777214487
- Author
- Alnaeli S
- Sarnowski M
- Aman M
- Abdelgawad A
- Yelamarthi K
- Publication year
- Publication venue
- Adv. Sci. Technol. Eng. Syst. J
External Links
Snippet
An empirical study that examines the usage of known vulnerable statements in software systems developed in C/C++ and used for IoT is presented. The study is conducted on 18 open source systems comprised of millions of lines of code and containing thousands of …
- 230000003247 decreasing 0 abstract description 6
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/563—Static detection by source code analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F17/00—Digital computing or data processing equipment or methods, specially adapted for specific functions
- G06F17/30—Information retrieval; Database structures therefor; File system structures therefor
- G06F17/30861—Retrieval from the Internet, e.g. browsers
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
- G06F11/3668—Software testing
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F17/00—Digital computing or data processing equipment or methods, specially adapted for specific functions
- G06F17/20—Handling natural language data
- G06F17/21—Text processing
- G06F17/22—Manipulating or registering by use of codes, e.g. in sequence of text characters
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
- G06F21/6263—Protecting personal data, e.g. for financial or medical purposes during internet communication, e.g. revealing personal data from cookies
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for programme control, e.g. control unit
- G06F9/06—Arrangements for programme control, e.g. control unit using stored programme, i.e. using internal store of processing equipment to receive and retain programme
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/77—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in smart cards
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/40—Transformations of program code
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/70—Software maintenance or management
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Snyder et al. | Most websites don't need to vibrate: A cost-benefit approach to improving browser security | |
| US20180089428A1 (en) | Detecting script-based malware using emulation and heuristics | |
| Qian et al. | Slimium: debloating the chromium browser with feature subsetting | |
| Kim et al. | WebMon: ML-and YARA-based malicious webpage detection | |
| Alnaeli et al. | Source code vulnerabilities in IoT software systems | |
| Alnaeli et al. | Vulnerable C/C++ code usage in IoT software systems | |
| Sarker et al. | Hiding in plain site: Detecting javascript obfuscation through concealed browser api usage | |
| Moog et al. | Statically detecting javascript obfuscation and minification techniques in the wild | |
| Alenezi et al. | Open source web application security: A static analysis approach | |
| US8572748B2 (en) | Label-based taint analysis | |
| Leithner et al. | Hydra: Feedback-driven black-box exploitation of injection vulnerabilities | |
| Bagheri et al. | Efficient, evolutionary security analysis of interacting android apps | |
| Chahar et al. | Code analysis for software and system security using open source tools | |
| Liu et al. | Evaluating the privacy policy of android apps: a privacy policy compliance study for popular apps in China and Europe | |
| Pieczul et al. | Runtime detection of zero-day vulnerability exploits in contemporary software systems | |
| Tóth et al. | LLMs in Web-Development: Evaluating LLM-Generated PHP code unveiling vulnerabilities and limitations | |
| Munaiah et al. | Darwin: A static analysis dataset of malicious and benign android apps | |
| Jaeger et al. | Normalizing security events with a hierarchical knowledge base | |
| Lawall et al. | WYSIWIB: exploiting fine‐grained program structure in a scriptable API‐usage protocol‐finding process | |
| Alnaeli et al. | On the evolution of mobile computing software systems and C/C++ vulnerable code: Empirical investigation | |
| Rafnsson et al. | Fixing vulnerabilities automatically with linters | |
| Lathar et al. | Stacy-static code analysis for enhanced vulnerability detection | |
| Crincoli et al. | Code reordering obfuscation technique detection by means of weak bisimulation | |
| Zhang et al. | Poster: Finding JavaScript Name Conflicts on the Web | |
| Pieczul et al. | The evolution of a security control |