Login | Register

On building a dynamic security vulnerability detection system using program monitoring technique

Title:

On building a dynamic security vulnerability detection system using program monitoring technique

Yang, Zhenrong (2008) On building a dynamic security vulnerability detection system using program monitoring technique. Masters thesis, Concordia University.

[img]
Preview
Text (application/pdf)
MR40905.pdf - Accepted Version
6MB

Abstract

This thesis presents a dynamic security vulnerability detection framework that sets up an infrastructure for automatic security testing of Free and Open Source Software (FOSS) projects. It makes three contributions to the design and implementation of a dynamic vulnerability detection system. Firstly, a mathematical model called Team Edit Automata is defined and implemented for security property specification. Secondly, an automatic code instrumentation tool is designed and implemented by extending the GNU Compiler Collection (GCC). The extension facilitates seamless integration of code instrumentation into FOSS projects' existing build system. Thirdly, a dynamic vulnerability detection system is prototyped to integrate the aforementioned two techniques. Experiments with the system are elaborated to automatically build, execute, and detect vulnerabilities of FOSS projects. Overall, this research demonstrates that monitoring program with Team Edit Automata can effectively detect security property violation.

Divisions:Concordia University > Gina Cody School of Engineering and Computer Science > Concordia Institute for Information Systems Engineering
Item Type:Thesis (Masters)
Authors:Yang, Zhenrong
Pagination:xi, 132 leaves : ill. ; 29 cm.
Institution:Concordia University
Degree Name:M.A. Sc.
Program:Institute for Information Systems Engineering
Date:2008
Thesis Supervisor(s):Debbabi, M
ID Code:976019
Deposited By: Concordia University Library
Deposited On:22 Jan 2013 16:18
Last Modified:18 Jan 2018 17:41
Related URLs:
All items in Spectrum are protected by copyright, with all rights reserved. The use of items is governed by Spectrum's terms of access.

Repository Staff Only: item control page

Downloads per month over past year

Back to top Back to top