The Evaluation of the Embedded Software Quality Based on the Binary Code

Liu, Jinshuo; Zhang, Lanxin; Deng, Juan; Zhang, Weixin

doi:10.1109/qrs-c.2016.26

Cited by 5 publications

(1 citation statement)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Next, two algorithms, namely Vulnerability Judging algorithm based on Vulnerability Feature (VJVF) algorithm and Feature Judging (FJ) algorithm, are utilized to detect memory-related vulnerabilities. Furthermore, we benchmark the model against four vulnerability detection tools, namely MRVDAVF, cppcheck [6] , flawfinder [7] , and splint [8,9] . The main contributions of this paper are as follows.…”

Section: Introductionmentioning

confidence: 99%

A memory-related vulnerability detection approach based on vulnerability features

Chen

Zhang

et al. 2020

Tinshhua Sci. Technol.

View full text Add to dashboard Cite

Developing secure software systems is a major challenge in the software industry due to errors or weaknesses that bring vulnerabilities to the software system. To address this challenge, researchers often use the source code features of vulnerabilities to improve vulnerability detection. Notwithstanding the success achieved by these techniques, the existing studies mainly focus on the conceptual description without an accurate definition of vulnerability features. In this study, we introduce a novel and efficient Memory-Related Vulnerability Detection Approach using Vulnerability Features (MRVDAVF). Our framework uses three distinct strategies to improve vulnerability detection. In the first stage, we introduce an improved Control Flow Graph (CFG) and Pointer-related Control Flow Graph (PCFG) to describe the features of some common vulnerabilities, including memory leak, doublefree, and use-after-free. Afterward, two algorithms, namely Vulnerability Judging algorithm based on Vulnerability Feature (VJVF) and Feature Judging (FJ) algorithm, are employed to detect memory-related vulnerabilities. Finally, the proposed model is validated using three test cases obtained from Juliet Test Suite. The experimental results show that the proposed approach is feasible and effective.

show abstract