SMINER:Detecting Unrestricted and Misimplemented Behaviors of Software Systems Based on Unit Test Cases

作     者：Kyungmin Sim Jeong Hyun Yi Haehyun Cho 

作者机构：School of SoftwareSoongsil UniversitySeoul06978Korea 

出 版 物：《Computers, Materials & Continua》 (计算机、材料和连续体（英文）)

年 卷 期：2023年第75卷第5期

页      面：3257-3274页

核心收录：

学科分类：08[工学] 0837[工学-安全科学与工程] 0835[工学-软件工程] 0811[工学-控制科学与工程] 0812[工学-计算机科学与技术（可授工学、理学学位）] 081202[工学-计算机软件与理论] 

基　　金：This work was supported in part by the National Research Foundation of Korea(NRF)funded by the Ministry of Science and ICT(MSIT) Future Planning under Grant NRF-2020R1A2C2014336 and Grant NRF-2021R1A4A1029650 

主　　题：Security vulnerability test case generation security policy test robot operating system vulnerability assessment 

摘      要：Despite the advances in automated vulnerability detection approaches,security vulnerabilities caused by design flaws in software systems are continuously appearing in real-world *** security design flaws can bring unrestricted and misimplemented behaviors of a system and can lead to fatal vulnerabilities such as remote code execution or sensitive data ***,it is an essential task to discover unrestricted and misimplemented behaviors of a ***,it is a daunting task for security experts to discover such vulnerabilities in advance because it is timeconsuming and error-prone to analyze the whole code in ***,most of the existing vulnerability detection approaches still focus on detecting memory corruption bugs because these bugs are the dominant root cause of software *** paper proposes SMINER,a novel approach that discovers vulnerabilities caused by unrestricted and misimplemented *** first collects unit test cases for the target system from the official ***,preprocess the collected code *** uses pre-processed data to show the security policies that can occur on the target system and creates a test case for security policy *** demonstrate the effectiveness of SMINER,this paper evaluates SMINER against Robot Operating System(ROS),a real-world system used for intelligent robots in Amazon and controlling satellites in National Aeronautics and Space Administration(NASA).From the evaluation,we discovered two real-world vulnerabilities in ROS.