微信服务号

微信订阅号

2025-4-13- 5
Home > Archive>Volume 29, Issue 5, 2018 >1230-1243. DOI:10.13328/j.cnki.jos.005503
PDF HTML XML Export Cite reminder
Method for Automated Detection of Suspicious Vulnerability Related to Numerical Stability
Author:
Affiliation:

Fund Project:

National Natural Science Foundation of China (61772260, 61402222, 61373013); National Program on Key Basic Research Project of China (973) (2014CB340700); Prospective Project of Jiangsu Province on Industry-University-Research (BY20150 69-03)

  • Article
    • | |
  • Metrics
    • |
  • Reference
    • |
  • Related
    • |
  • Cited by
    • | |
  • Comments
    Abstract:

    Vulnerability detection is an important way of improving the security of software.However,the development of the Internet makes it possible for hackers to attack software systems with new techniques.This paper focuses on a new kind of vulnerability that relates to numerical stability.It poses new threat to software security as hackers are able to bypass security protection by the new kind of vulnerability,and numerical analysis is difficult to detect such a vulnerability.In the paper,the vulnerability related to numerical stability is defined from the perspective of software behavior variation caused by numerical errors,and an automatic detection approach is proposed.The approach combines the static analysis and symbolic execution,and detects the vulnerability by three steps:symbolic extraction,static attack analysis,and dynamic attack verification with high precision values.This new approach is evaluated on a few famous open source projects.The results show that the proposed approach effectively detects the vulnerabilities related to numerical stability hidden in the real-world projects.

    Reference
    Related
    Cited by
Get Citation

沈维军,汤恩义,陈振宇,陈鑫,李彬,翟娟.数值稳定性相关漏洞隐患的自动化检测方法.软件学报,2018,29(5):1230-1243

Copy
Share
Article Metrics
  • Abstract:
  • PDF:
  • HTML:
  • Cited by:
History
  • Received:July 01,2017
  • Revised:August 29,2017
  • Adopted:November 21,2017
  • Online: January 09,2018
Links:Institute of Software, CASChina Computer FederationCASNSFC
You are the firstVisitors
Copyright: Institute of Software, Chinese Academy of Sciences Beijing ICP No. 05046678-4
Address:4# South Fourth Street, Zhong Guan Cun, Beijing 100190,Postal Code:100190
Phone:010-62562563 Fax:010-62562533 Email:jos@iscas.ac.cn
Technical Support:Beijing Qinyun Technology Development Co., Ltd.

Beijing Public Network Security No. 11040202500063