Vulcloud: Scalable and hybrid vulnerability detection in cloud computing
文献类型:会议论文
| 作者 | Wu, Jingzheng (1) ; Wu, Yanjun (1) ; Wu, Zhifei (1) ; Yang, Mutian (1) ; Wang, Yongji (2) |
| 出版日期 | 2013 |
| 会议名称 | 7th International Conference on Software Security and Reliability, SERE-C 2013 |
| 会议日期 | June 18, 2013 - June 20, 2013 |
| 会议地点 | Gaithersburg, MD, United states |
| 关键词 | Vulnerability Detection Cloud Computing Static Analysis Dynamic Analysis Fuzz testing |
| 页码 | 225-226 |
| 中文摘要 | Vulnerability exploits will result in security breaches or violations of the system's security policy causing information leakage or economic losses. Although many detection methods such as static analysis, dynamic analysis and fuzz testing have been presented, the vulnerabilities are still difficult to detect. In this paper, we propose a new detection cloud service Vulcloud, which is scalable and hybrid combining the static, dynamic and fuzzing into cloud computing. Vulcloud first statically analyzes the objects and reports the potential vulnerable items. And then, the fuzzing cases for the items are semi-automated created, and tested under the dynamic monitoring. Finally, the source code of the results are statically analyzed again to determine whether they are vulnerabilities or not. The prototype of Vulcloud is implemented, and the performance is evaluated by Mplayer source code. The experiment results show that Vulcloud can detect vulnerabilities in software, and the challenges of storage and processing capabilities are resolved by cloud computing. © 2013 IEEE. |
| 英文摘要 | Vulnerability exploits will result in security breaches or violations of the system's security policy causing information leakage or economic losses. Although many detection methods such as static analysis, dynamic analysis and fuzz testing have been presented, the vulnerabilities are still difficult to detect. In this paper, we propose a new detection cloud service Vulcloud, which is scalable and hybrid combining the static, dynamic and fuzzing into cloud computing. Vulcloud first statically analyzes the objects and reports the potential vulnerable items. And then, the fuzzing cases for the items are semi-automated created, and tested under the dynamic monitoring. Finally, the source code of the results are statically analyzed again to determine whether they are vulnerabilities or not. The prototype of Vulcloud is implemented, and the performance is evaluated by Mplayer source code. The experiment results show that Vulcloud can detect vulnerabilities in software, and the challenges of storage and processing capabilities are resolved by cloud computing. © 2013 IEEE. |
| 收录类别 | CPCI ; EI |
| 会议录出版地 | IEEE Computer Society, 2001 L Street N.W., Suite 700, Washington, DC 20036-4928, United States |
| 语种 | 英语 |
| ISBN号 | 978-0-7695-5030-5 |
| 源URL | [http://ir.iscas.ac.cn/handle/311060/16533]  |
| 专题 | 软件研究所_软件所图书馆_会议论文 |
| 推荐引用方式 GB/T 7714 | Wu, Jingzheng ,Wu, Yanjun ,Wu, Zhifei ,et al. Vulcloud: Scalable and hybrid vulnerability detection in cloud computing[C]. 见:7th International Conference on Software Security and Reliability, SERE-C 2013. Gaithersburg, MD, United states. June 18, 2013 - June 20, 2013. |
入库方式: OAI收割
来源:软件研究所
浏览0
下载0
收藏0
其他版本
除非特别说明,本系统中所有内容都受版权保护,并保留所有权利。