Computer Science (计算机科学) ›› 2016, Vol. 43 ›› Issue (5): 76-79. doi: 10.11896/j.issn.1002-137X.2016.05.014

• Information Security •

A Classification Method for Security Weaknesses in Source Code Based on a Three-dimensional Tree Model

张 ,李舟军,董国伟,马殿富   

  1. School of Computer Science and Engineering, Beihang University, Beijing 100191; School of Computer and Information Engineering, Hubei University, Wuhan 430062; School of Computer Science and Engineering, Beihang University, Beijing 100191; China Information Technology Security Evaluation Center, Beijing 100085; School of Computer Science and Engineering, Beihang University, Beijing 100191
  • Online: 2018-12-01 Published: 2018-12-01
  • Funding:
    This work was supported by the National Natural Science Foundation of China (61170189, 6, 61202239) and the Doctoral Fund of the Ministry of Education (20111102130003).

Novel Taxonomy of Security Weakness in Source Code Based on Three-dimension Tree Model

ZHANG Yan, LI Zhou-jun, DONG Guo-wei and MA Dian-fu   

  • Online: 2018-12-01 Published: 2018-12-01

Abstract (translated from Chinese): This paper proposes a classification method for source code defects based on a three-dimensional tree model. The method jointly considers three kinds of information about a defect: its cause, the consequences it produces, and its form of manifestation. Case analysis shows that the defect categories obtained with the three-dimensional tree model are more precise and detailed than the defect classifications in CWE and Fortify. The work not only helps establish a relatively complete classification system for source code defects, but also offers practical guidance for refining defect detection rules.

Keywords (translated from Chinese): Three-dimensional tree model, Source code, Security weakness, Taxonomy

Abstract: We present a novel taxonomy of security weaknesses in source code based on a three-dimension tree model, which jointly considers three aspects: the cause of a defect, its consequences, and its form of manifestation. Case studies show that, compared with CWE and Fortify, the taxonomy in this paper yields more accurate and detailed weakness categories. This work not only helps establish a relatively complete classification system for source code defects, but is also of practical significance for refining security weakness detection rules.

Key words: Three-dimension tree model, Source code, Security weakness, Taxonomy

