Title

Detection and Analysis of Security Vulnerabilities in Java

DOI

10.6131/MISR.2014.1902.03

Authors

Ch. Aswani Kumar; M. Sai Charitha

Key Words

Formal Concept Analysis ; Java Programs ; Static Analysis ; Vulnerability Detection

Publication Name

MIS REVIEW: An International Journal

Volume or Term/Year and Month of Publication

Vol. 19, No. 2 (2014 / 03 / 01)

Page #

39 - 56

Content Language

English

English Abstract

There are several tools that use techniques like static analysis, lexical analysis, etc. to detect vulnerabilities in Java-based programs. However, there are still vulnerabilities which are not traceable by the available tools. The objective of this paper is twofold. We develop a method to detect vulnerabilities in Java programs. Further, we analyze the dependencies among the vulnerabilities using mathematical lattice theory based formal concept analysis. Our experimental results show that the proposed model is able to detect the untraceable vulnerabilities and that the dependency analysis is in good agreement with the literature.

Topic Category

Basic and Applied Sciences > Information Science
Social Sciences > Management
Times Cited
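  1. 施任峰 (2011). An integrated web application security analysis and verification tool. Degree thesis, Graduate Institute of Information Management, National Taiwan University. 2011. 1-63.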