Family-Based Fingerprint Analysis: A Position Paper

Thousands of vulnerabilities are reported on a monthly basis to security repositories, such as the National Vulnerability Database. Among these vulnerabilities, software misconfiguration is one of the top 10 security risks for web applications. With this large influx of vulnerability reports, software fingerprinting has become a highly desired capability to discover distinctive and efficient signatures and recognize reportedly vulnerable software implementations. Due to the exponential worst-case complexity of fingerprint matching, designing more efficient methods for fingerprinting becomes highly desirable, especially for variability-intensive systems where optional features add another exponential factor to its analysis. This position paper presents our vision of a framework that lifts model learning and family-based analysis principles to software fingerprinting. In this framework, we propose unifying databases of signatures into a featured finite state machine and using presence conditions to specify whether and in which circumstances a given input-output trace is observed. We believe feature-based signatures can aid performance improvements by reducing the size of fingerprints under analysis.

READ FULL TEXT

page 1

page 2

page 3

page 4

research
12/13/2022

Evaluation of Static Analysis on Web Applications

Web services are becoming business-critical components, often deployed w...
research
07/18/2018

SySeVR: A Framework for Using Deep Learning to Detect Software Vulnerabilities

The detection of software vulnerabilities (or vulnerabilities for short)...
research
06/14/2020

Vulnerability Coverage as an Adequacy Testing Criterion

Mainstream software applications and tools are the configurable platform...
research
10/29/2020

Examining the Relationship of Code and Architectural Smells with Software Vulnerabilities

Context: Security is vital to software developed for commercial or perso...
research
09/18/2020

On the Threat of npm Vulnerable Dependencies in Node.js Applications

Software vulnerabilities have a large negative impact on the software sy...
research
09/18/2023

Evaluating the Impact of ChatGPT on Exercises of a Software Security Course

Along with the development of large language models (LLMs), e.g., ChatGP...
research
02/23/2021

V2W-BERT: A Framework for Effective Hierarchical Multiclass Classification of Software Vulnerabilities

Weaknesses in computer systems such as faults, bugs and errors in the ar...

Please sign up or login with your details

Forgot password? Click here to reset