Institutional Repository
| Vulcloud: Scalable and hybrid vulnerability detection in cloud computing | |
| Wu, Jingzheng (1); Wu, Yanjun (1); Wu, Zhifei (1); Yang, Mutian (1); Wang, Yongji (2) | |
| 2013 | |
| 会议名称 | 7th International Conference on Software Security and Reliability, SERE-C 2013 |
| 页码 | 225-226 |
| 会议日期 | June 18, 2013 - June 20, 2013 |
| 会议地点 | Gaithersburg, MD, United states |
| 收录类别 | CPCI ; EI |
| 出版地 | IEEE Computer Society, 2001 L Street N.W., Suite 700, Washington, DC 20036-4928, United States |
| ISBN | 978-0-7695-5030-5 |
| 部门归属 | (1) Institute of Software, Chinese Academy of Sciences, China; (2) National Engineering Research Center of Fundamental Software, State Key Laboratory of Computer Sciences, China |
| 摘要 | Vulnerability exploits will result in security breaches or violations of the system's security policy causing information leakage or economic losses. Although many detection methods such as static analysis, dynamic analysis and fuzz testing have been presented, the vulnerabilities are still difficult to detect. In this paper, we propose a new detection cloud service Vulcloud, which is scalable and hybrid combining the static, dynamic and fuzzing into cloud computing. Vulcloud first statically analyzes the objects and reports the potential vulnerable items. And then, the fuzzing cases for the items are semi-automated created, and tested under the dynamic monitoring. Finally, the source code of the results are statically analyzed again to determine whether they are vulnerabilities or not. The prototype of Vulcloud is implemented, and the performance is evaluated by Mplayer source code. The experiment results show that Vulcloud can detect vulnerabilities in software, and the challenges of storage and processing capabilities are resolved by cloud computing. © 2013 IEEE.; Vulnerability exploits will result in security breaches or violations of the system's security policy causing information leakage or economic losses. Although many detection methods such as static analysis, dynamic analysis and fuzz testing have been presented, the vulnerabilities are still difficult to detect. In this paper, we propose a new detection cloud service Vulcloud, which is scalable and hybrid combining the static, dynamic and fuzzing into cloud computing. Vulcloud first statically analyzes the objects and reports the potential vulnerable items. And then, the fuzzing cases for the items are semi-automated created, and tested under the dynamic monitoring. Finally, the source code of the results are statically analyzed again to determine whether they are vulnerabilities or not. The prototype of Vulcloud is implemented, and the performance is evaluated by Mplayer source code. The experiment results show that Vulcloud can detect vulnerabilities in software, and the challenges of storage and processing capabilities are resolved by cloud computing. © 2013 IEEE. |
| 关键词 | Vulnerability Detection Cloud Computing Static Analysis Dynamic Analysis Fuzz Testing |
| 语种 | 英语 |
| 内容类型 | 会议论文 |
| URI标识 | http://ir.iscas.ac.cn/handle/311060/16533 |
| 专题 | 中国科学院软件研究所 |
| 推荐引用方式 GB/T 7714 | Wu, Jingzheng ,Wu, Yanjun ,Wu, Zhifei ,et al. Vulcloud: Scalable and hybrid vulnerability detection in cloud computing[C]. IEEE Computer Society, 2001 L Street N.W., Suite 700, Washington, DC 20036-4928, United States,2013:225-226. |
| 条目包含的文件 | 条目无相关文件。 | |||||
除非特别说明,本系统中所有内容都受版权保护,并保留所有权利。
修改评论