A Vulnerability Model Construction Method Based on Chemical Abstract Machine

作     者：LI Xiang CHEN Jinfu LIN Zhechao ZHANG Lin WANG Zibin ZHOU Minmin XIE Wanggen 

作者机构：National Key Laboratory of Science and Technology onInformation System Security Beijing 100101 China Beijing Institute of System Engineering Beijing 100101China School of Computer Science and Communication Engineering Jiangsu University Zhenjiang 212013 Jiangsu China 

出 版 物：《Wuhan University Journal of Natural Sciences》 (武汉大学学报（自然科学英文版）)

年 卷 期：2018年第23卷第2期

页      面：150-162页

核心收录：

学科分类：0839[工学-网络空间安全] 08[工学] 081201[工学-计算机系统结构] 0812[工学-计算机科学与技术（可授工学、理学学位）] 

基　　金：Supported by the National Natural Science Foundation of China(61202110 and 61502205) the Project of Jiangsu Provincial Six Talent Peaks(XYDXXJS-016) 

主　　题：software security, vulnerability detection vulner-ability analysis vulnerability model chemical abstract machine 

摘      要：It is difficult to formalize the causes of vulnerability, and there is no effective model to reveal the causes and characteristics of vulnerability. In this paper, a vulnerability model construction method is proposed to realize the description of vulnerability attribute and the construction of a vulnerability model. A vulnerability model based on chemical abstract machine（CHAM） is constructed to realize the CHAM description of vulnerability model, and the framework of vulnerability model is also discussed. Case study is carried out to verify the feasibility and effectiveness of the proposed model. In addition, a prototype system is also designed and implemented based on the proposed vulnerability model. Experimental results show that the proposed model is more effective than other methods in the detection of software vulnerabilities.