中国科学院软件研究所机构知识库
Advanced  
ISCAS OpenIR  > 软件所图书馆  > 会议论文
Title:
Vulcloud: Scalable and hybrid vulnerability detection in cloud computing
Author: Wu, Jingzheng (1) ; Wu, Yanjun (1) ; Wu, Zhifei (1) ; Yang, Mutian (1) ; Wang, Yongji (2)
Conference Name: 7th International Conference on Software Security and Reliability, SERE-C 2013
Conference Date: June 18, 2013 - June 20, 2013
Issued Date: 2013
Conference Place: Gaithersburg, MD, United states
Keyword: Vulnerability Detection ; Cloud Computing ; Static Analysis ; Dynamic Analysis ; Fuzz testing
Publish Place: IEEE Computer Society, 2001 L Street N.W., Suite 700, Washington, DC 20036-4928, United States
Indexed Type: CPCI ; EI
ISBN: 978-0-7695-5030-5
Department: (1) Institute of Software, Chinese Academy of Sciences, China; (2) National Engineering Research Center of Fundamental Software, State Key Laboratory of Computer Sciences, China
Abstract: Vulnerability exploits will result in security breaches or violations of the system's security policy causing information leakage or economic losses. Although many detection methods such as static analysis, dynamic analysis and fuzz testing have been presented, the vulnerabilities are still difficult to detect. In this paper, we propose a new detection cloud service Vulcloud, which is scalable and hybrid combining the static, dynamic and fuzzing into cloud computing. Vulcloud first statically analyzes the objects and reports the potential vulnerable items. And then, the fuzzing cases for the items are semi-automated created, and tested under the dynamic monitoring. Finally, the source code of the results are statically analyzed again to determine whether they are vulnerabilities or not. The prototype of Vulcloud is implemented, and the performance is evaluated by Mplayer source code. The experiment results show that Vulcloud can detect vulnerabilities in software, and the challenges of storage and processing capabilities are resolved by cloud computing. © 2013 IEEE.
English Abstract: Vulnerability exploits will result in security breaches or violations of the system's security policy causing information leakage or economic losses. Although many detection methods such as static analysis, dynamic analysis and fuzz testing have been presented, the vulnerabilities are still difficult to detect. In this paper, we propose a new detection cloud service Vulcloud, which is scalable and hybrid combining the static, dynamic and fuzzing into cloud computing. Vulcloud first statically analyzes the objects and reports the potential vulnerable items. And then, the fuzzing cases for the items are semi-automated created, and tested under the dynamic monitoring. Finally, the source code of the results are statically analyzed again to determine whether they are vulnerabilities or not. The prototype of Vulcloud is implemented, and the performance is evaluated by Mplayer source code. The experiment results show that Vulcloud can detect vulnerabilities in software, and the challenges of storage and processing capabilities are resolved by cloud computing. © 2013 IEEE.
Language: 英语
Content Type: 会议论文
URI: http://ir.iscas.ac.cn/handle/311060/16533
Appears in Collections:软件所图书馆_会议论文

Files in This Item:

There are no files associated with this item.


Recommended Citation:
Wu, Jingzheng ,Wu, Yanjun ,Wu, Zhifei ,et al. Vulcloud: Scalable and hybrid vulnerability detection in cloud computing[C]. 见:7th International Conference on Software Security and Reliability, SERE-C 2013. Gaithersburg, MD, United states. June 18, 2013 - June 20, 2013.
Service
Recommend this item
Sava as my favorate item
Show this item's statistics
Export Endnote File
Google Scholar
Similar articles in Google Scholar
[Wu, Jingzheng (1)]'s Articles
[Wu, Yanjun (1)]'s Articles
[Wu, Zhifei (1)]'s Articles
CSDL cross search
Similar articles in CSDL Cross Search
[Wu, Jingzheng (1)]‘s Articles
[Wu, Yanjun (1)]‘s Articles
[Wu, Zhifei (1)]‘s Articles
Related Copyright Policies
Null
Social Bookmarking
Add to CiteULike Add to Connotea Add to Del.icio.us Add to Digg Add to Reddit
所有评论 (0)
暂无评论
 
评注功能仅针对注册用户开放,请您登录
您对该条目有什么异议,请填写以下表单,管理员会尽快联系您。
内 容:
Email:  *
单位:
验证码:   刷新
您在IR的使用过程中有什么好的想法或者建议可以反馈给我们。
标 题:
 *
内 容:
Email:  *
验证码:   刷新

Items in IR are protected by copyright, with all rights reserved, unless otherwise indicated.

 

 

Valid XHTML 1.0!
Copyright © 2007-2019  中国科学院软件研究所 - Feedback
Powered by CSpace