SMINER: Detecting Unrestricted and Misimplemented Behaviors of Software Systems Based on Unit Test Cases
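Author affiliation: School of Software, Soongsil University, Seoul 06978, Korea
Publication: Computers, Materials & Continua (English)
Year/Volume/Issue: 2023, Vol. 75, No. 5
Pages: 3257-3274
Core indexing:
Subject classification: 08 [Engineering] 0837 [Engineering - Safety Science and Engineering] 0835 [Engineering - Software Engineering] 0811 [Engineering - Control Science and Engineering] 0812 [Engineering - Computer Science and Technology (Engineering or Science degree may be awarded)] 081202 [Engineering - Computer Software and Theory]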
Funding: This work was supported in part by the National Research Foundation of Korea (NRF) funded by the Ministry of Science and ICT (MSIT) Future Planning under Grant NRF-2020R1A2C2014336 and Grant NRF-2021R1A4A1029650
Keywords: Security vulnerability; test case generation; security policy test; robot operating system; vulnerability assessment
Abstract: Despite the advances in automated vulnerability detection approaches, security vulnerabilities caused by design flaws in software systems are continuously appearing in real-world *** security design flaws can bring unrestricted and misimplemented behaviors of a system and can lead to fatal vulnerabilities such as remote code execution or sensitive data ***, it is an essential task to discover unrestricted and misimplemented behaviors of a ***, it is a daunting task for security experts to discover such vulnerabilities in advance because it is time-consuming and error-prone to analyze the whole code in ***, most of the existing vulnerability detection approaches still focus on detecting memory corruption bugs because these bugs are the dominant root cause of software *** paper proposes SMINER, a novel approach that discovers vulnerabilities caused by unrestricted and misimplemented *** first collects unit test cases for the target system from the official ***, preprocess the collected code *** uses pre-processed data to show the security policies that can occur on the target system and creates a test case for security policy *** demonstrate the effectiveness of SMINER, this paper evaluates SMINER against Robot Operating System (ROS), a real-world system used for intelligent robots in Amazon and controlling satellites in National Aeronautics and Space Administration (NASA). From the evaluation, we discovered two real-world vulnerabilities in ROS.