Institutional Repository
| Vulcloud: Scalable and hybrid vulnerability detection in cloud computing | |
| Wu, Jingzheng (1); Wu, Yanjun (1); Wu, Zhifei (1); Yang, Mutian (1); Wang, Yongji (2) | |
| 2013 | |
| Conference Name | 7th International Conference on Software Security and Reliability, SERE-C 2013 |
| Pages | 225-226 |
| Conference Date | June 18, 2013 - June 20, 2013 |
| Conference Place | Gaithersburg, MD, United states |
| Indexed Type | CPCI ; EI |
| Publish Place | IEEE Computer Society, 2001 L Street N.W., Suite 700, Washington, DC 20036-4928, United States |
| ISBN | 978-0-7695-5030-5 |
| Department | (1) Institute of Software, Chinese Academy of Sciences, China; (2) National Engineering Research Center of Fundamental Software, State Key Laboratory of Computer Sciences, China |
| English Abstract | Vulnerability exploits will result in security breaches or violations of the system's security policy causing information leakage or economic losses. Although many detection methods such as static analysis, dynamic analysis and fuzz testing have been presented, the vulnerabilities are still difficult to detect. In this paper, we propose a new detection cloud service Vulcloud, which is scalable and hybrid combining the static, dynamic and fuzzing into cloud computing. Vulcloud first statically analyzes the objects and reports the potential vulnerable items. And then, the fuzzing cases for the items are semi-automated created, and tested under the dynamic monitoring. Finally, the source code of the results are statically analyzed again to determine whether they are vulnerabilities or not. The prototype of Vulcloud is implemented, and the performance is evaluated by Mplayer source code. The experiment results show that Vulcloud can detect vulnerabilities in software, and the challenges of storage and processing capabilities are resolved by cloud computing. © 2013 IEEE.; Vulnerability exploits will result in security breaches or violations of the system's security policy causing information leakage or economic losses. Although many detection methods such as static analysis, dynamic analysis and fuzz testing have been presented, the vulnerabilities are still difficult to detect. In this paper, we propose a new detection cloud service Vulcloud, which is scalable and hybrid combining the static, dynamic and fuzzing into cloud computing. Vulcloud first statically analyzes the objects and reports the potential vulnerable items. And then, the fuzzing cases for the items are semi-automated created, and tested under the dynamic monitoring. Finally, the source code of the results are statically analyzed again to determine whether they are vulnerabilities or not. The prototype of Vulcloud is implemented, and the performance is evaluated by Mplayer source code. The experiment results show that Vulcloud can detect vulnerabilities in software, and the challenges of storage and processing capabilities are resolved by cloud computing. © 2013 IEEE. |
| Keyword | Vulnerability Detection Cloud Computing Static Analysis Dynamic Analysis Fuzz Testing |
| Language | 英语 |
| Content Type | 会议论文 |
| URI | http://ir.iscas.ac.cn/handle/311060/16533 |
| Collection | 中国科学院软件研究所 |
| Recommended Citation GB/T 7714 | Wu, Jingzheng ,Wu, Yanjun ,Wu, Zhifei ,et al. Vulcloud: Scalable and hybrid vulnerability detection in cloud computing[C]. IEEE Computer Society, 2001 L Street N.W., Suite 700, Washington, DC 20036-4928, United States,2013:225-226. |
| Files in This Item: | There are no files associated with this item. | |||||
Items in the repository are protected by copyright, with all rights reserved, unless otherwise indicated.
Edit Comment