Razvan Raducu scite author profile

Different Machine Learning techniques to detect software vulnerabilities have emerged in scientific and industrial scenarios. Different actors in these scenarios aim to develop algorithms for predicting security threats without requiring human intervention. However, these algorithms require data-driven engines based on the processing of huge amounts of data, known as datasets. This paper introduces the SonarCloud Vulnerable Code Prospector for C (SVCP4C). This tool aims to collect vulnerable source code from open source repositories linked to SonarCloud, an online tool that performs static analysis and tags the potentially vulnerable code. The tool provides a set of tagged files suitable for extracting features and creating training datasets for Machine Learning algorithms. This study presents a descriptive analysis of these files and overviews current status of C vulnerabilities, specifically buffer overflow, in the reviewed public repositories.

show abstract

Defense and Attack Techniques Against File-Based TOCTOU Vulnerabilities: A Systematic Review

Raducu

Rodríguez

Álvarez

2022

IEEE Access

View full text Add to dashboard Cite

File-based Time-of-Check to Time-of-Use (TOCTOU) race conditions are a well-known type of security vulnerability. A wide variety of techniques have been proposed to detect, mitigate, avoid, and exploit these vulnerabilities over the past 35 years. However, despite these research efforts, TOCTOU vulnerabilities remain unsolved due to their non-deterministic nature and the particularities of the different filesystems involved in running vulnerable programs, especially in Unix-like operating system environments. In this paper, we present a systematic literature review on defense and attack techniques related to the file-based TOCTOU vulnerability. We apply a reproducible methodology to search, filter, and analyze the most relevant research proposals to define a global and understandable vision of existing solutions. The results of this analysis are finally used to discuss future research directions that can be explored to move towards a universal solution to this type of vulnerability. INDEX TERMS file-based race condition, TOCTOU vulnerability, avoidance techniques

show abstract

Innovation in financial education

Raducu

Fernández

Conde

et al. 2017

View full text Add to dashboard Cite

File-based race conditions in UNIX: TOCTOU

Raducu¹,

Rodríguez²,

Álvarez³

2020

Jorn. jovenes investig. I3A

View full text Add to dashboard Cite

show abstract

Resource Consumption Evaluation of C++ Cryptographic Libraries on Resource-Constrained Devices

Raducu

Rodríguez

Alvarez

2022

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Razvan Raducu

Collecting Vulnerable Source Code from Open-Source Repositories for Dataset Generation

Defense and Attack Techniques Against File-Based TOCTOU Vulnerabilities: A Systematic Review

Innovation in financial education

File-based race conditions in UNIX: TOCTOU

Resource Consumption Evaluation of C++ Cryptographic Libraries on Resource-Constrained Devices

Contact Info

Product

Resources

About