Yang, Zhenrong (2008) On building a dynamic security vulnerability detection system using program monitoring technique. Masters thesis, Concordia University.
Preview |
Text (application/pdf)
6MBMR40905.pdf - Accepted Version |
Abstract
This thesis presents a dynamic security vulnerability detection framework that sets up an infrastructure for automatic security testing of Free and Open Source Software (FOSS) projects. It makes three contributions to the design and implementation of a dynamic vulnerability detection system. Firstly, a mathematical model called Team Edit Automata is defined and implemented for security property specification. Secondly, an automatic code instrumentation tool is designed and implemented by extending the GNU Compiler Collection (GCC). The extension facilitates seamless integration of code instrumentation into FOSS projects' existing build system. Thirdly, a dynamic vulnerability detection system is prototyped to integrate the aforementioned two techniques. Experiments with the system are elaborated to automatically build, execute, and detect vulnerabilities of FOSS projects. Overall, this research demonstrates that monitoring program with Team Edit Automata can effectively detect security property violation.
| Divisions: | Concordia University > Gina Cody School of Engineering and Computer Science > Concordia Institute for Information Systems Engineering |
|---|---|
| Item Type: | Thesis (Masters) |
| Authors: | Yang, Zhenrong |
| Pagination: | xi, 132 leaves : ill. ; 29 cm. |
| Institution: | Concordia University |
| Degree Name: | M.A. Sc. |
| Program: | Institute for Information Systems Engineering |
| Date: | 2008 |
| Thesis Supervisor(s): | Debbabi, M |
| Identification Number: | LE 3 C66I54M 2008 Y36 |
| ID Code: | 976019 |
| Deposited By: | Concordia University Library |
| Deposited On: | 22 Jan 2013 16:18 |
| Last Modified: | 13 Jul 2020 20:09 |
| Related URLs: |
Repository Staff Only: item control page
Download Statistics
Download Statistics