ISCAS OpenIR
Vulcloud: Scalable and hybrid vulnerability detection in cloud computing
Wu, Jingzheng (1); Wu, Yanjun (1); Wu, Zhifei (1); Yang, Mutian (1); Wang, Yongji (2)
2013
会议名称7th International Conference on Software Security and Reliability, SERE-C 2013
页码225-226
会议日期June 18, 2013 - June 20, 2013
会议地点Gaithersburg, MD, United states
收录类别CPCI ; EI
出版地IEEE Computer Society, 2001 L Street N.W., Suite 700, Washington, DC 20036-4928, United States
ISBN978-0-7695-5030-5
部门归属(1) Institute of Software, Chinese Academy of Sciences, China; (2) National Engineering Research Center of Fundamental Software, State Key Laboratory of Computer Sciences, China
摘要Vulnerability exploits will result in security breaches or violations of the system's security policy causing information leakage or economic losses. Although many detection methods such as static analysis, dynamic analysis and fuzz testing have been presented, the vulnerabilities are still difficult to detect. In this paper, we propose a new detection cloud service Vulcloud, which is scalable and hybrid combining the static, dynamic and fuzzing into cloud computing. Vulcloud first statically analyzes the objects and reports the potential vulnerable items. And then, the fuzzing cases for the items are semi-automated created, and tested under the dynamic monitoring. Finally, the source code of the results are statically analyzed again to determine whether they are vulnerabilities or not. The prototype of Vulcloud is implemented, and the performance is evaluated by Mplayer source code. The experiment results show that Vulcloud can detect vulnerabilities in software, and the challenges of storage and processing capabilities are resolved by cloud computing. © 2013 IEEE.; Vulnerability exploits will result in security breaches or violations of the system's security policy causing information leakage or economic losses. Although many detection methods such as static analysis, dynamic analysis and fuzz testing have been presented, the vulnerabilities are still difficult to detect. In this paper, we propose a new detection cloud service Vulcloud, which is scalable and hybrid combining the static, dynamic and fuzzing into cloud computing. Vulcloud first statically analyzes the objects and reports the potential vulnerable items. And then, the fuzzing cases for the items are semi-automated created, and tested under the dynamic monitoring. Finally, the source code of the results are statically analyzed again to determine whether they are vulnerabilities or not. The prototype of Vulcloud is implemented, and the performance is evaluated by Mplayer source code. The experiment results show that Vulcloud can detect vulnerabilities in software, and the challenges of storage and processing capabilities are resolved by cloud computing. © 2013 IEEE.
关键词Vulnerability Detection Cloud Computing Static Analysis Dynamic Analysis Fuzz Testing
语种英语
内容类型会议论文
URI标识http://ir.iscas.ac.cn/handle/311060/16533
专题中国科学院软件研究所
推荐引用方式
GB/T 7714
Wu, Jingzheng ,Wu, Yanjun ,Wu, Zhifei ,et al. Vulcloud: Scalable and hybrid vulnerability detection in cloud computing[C]. IEEE Computer Society, 2001 L Street N.W., Suite 700, Washington, DC 20036-4928, United States,2013:225-226.
条目包含的文件
条目无相关文件。
个性服务
推荐该条目
保存到收藏夹
查看访问统计
导出为Endnote文件
谷歌学术
谷歌学术中相似的文章
[Wu, Jingzheng (1)]的文章
[Wu, Yanjun (1)]的文章
[Wu, Zhifei (1)]的文章
百度学术
百度学术中相似的文章
[Wu, Jingzheng (1)]的文章
[Wu, Yanjun (1)]的文章
[Wu, Zhifei (1)]的文章
必应学术
必应学术中相似的文章
[Wu, Jingzheng (1)]的文章
[Wu, Yanjun (1)]的文章
[Wu, Zhifei (1)]的文章
相关权益政策
暂无数据
收藏/分享
所有评论 (0)
暂无评论
 

除非特别说明,本系统中所有内容都受版权保护,并保留所有权利。