Fig 4 - uploaded by Hyungwoo Kang
Parse tree describing the program in Figure 3  

Source publication
Conference Paper
Static analysis technology is used to find programming errors before run time. Unlike the dynamic analysis technique, which looks at the application state while it is being executed, the static analysis technique does not require the application to be executed. In this paper, we classify security vulnerability patterns in source code and design a model to e...

Citations

Conference Paper
For large-scale and residual software like network services, reliability is a critical requirement. Recent research has shown that most network software still contains a number of bugs. Methods for automated detection of bugs in software can be classified into static analysis based on formal verification and runtime checking based on fault injection. In this paper, a framework for checking software security vulnerabilities is proposed. The framework is based on automated bug detection technologies, i.e. static analysis and fault injection, which are complementary to each other. The proposed framework provides a new direction, in which various kinds of software can be checked for vulnerabilities by making use of static analysis and fault injection technology. In an experiment on the proposed framework, we find unknown as well as known vulnerabilities in a Windows network module.