Report On Demand Driven Software Vulnerability Detection For C Program

1252 Words6 Pages
Critique Report on Demand-Driven Software Vulnerability Detection for C Program Software Vulnerability is an unintended flaw in software code or system that leaves it open to the potential for exploitation in the form of unauthorized access or malicious behavior such as viruses, worm and other forms of malware [12]. In order to avoid vulnerabilities in a software, security testing has been implemented, which helps in detecting software vulnerabilities effectively. Some of the methods which help in security testing are black box testing and white box testing [12]. Black box testing involves in generation of the test case using strategies like mutation, without considering source code structure. Which are fed to the system later [12]. The…show more content…
It has a problem with path explosion and often fails in a large system. The basic idea behind demand driven vulnerability testing is that to have a client site module which will trigger the vulnerability that has been detected by the system for the given path that it takes. If it discovers that the taken path has the vulnerability then it terminates the execution. If the program ends up finding a new path that was not taken previously then it passes the path information to the testing site module to find vulnerabilities in it [12]. At the testing site module it first recovers the execution path which will be the sequence of steps performed by the client then symbolic execution is employed on the path to find if there are any vulnerability is detected. If there is vulnerability is detected the testing site creates the signature and passes it to the client site. Thus in this approach it uses both the advantages and also the disadvantages of the above described systems [12]. The challenges that are faced by the above system are that the time and space constraint which involved in storing the bit pattern for each flow path in the client side for larger systems and also the security issue which helps the attacker to find the path and privacy of the client [12]. Fig: Represents the framework for demand driven security vulnerability detection [12] To get into the system overview the client site consist of the signature
Get Access