Table of Content

Open Access iconOpen Access

ARTICLE

Automatic Mining of Security-Sensitive Functions from Source Code

Lin Chen1,2, Chunfang Yang1,2,*, Fenlin Liu1,2, Daofu Gong1,2, Shichang Ding3

Zhengzhou Science and Technology Institute, Zhengzhou, 450001, China.
State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou, 450001, China.
University of Göttingen, Goldschmidtstr. 7, 37077 Göttingen, Germany.

* Corresponding Author: Chunfang Yang. Email: email.

Computers, Materials & Continua 2018, 56(2), 199-210. https://doi.org/10.3970/cmc.2018.02574

Abstract

When dealing with the large-scale program, many automatic vulnerability mining techniques encounter such problems as path explosion, state explosion, and low efficiency. Decomposition of large-scale programs based on safety-sensitive functions helps solve the above problems. And manual identification of security-sensitive functions is a tedious task, especially for the large-scale program. This study proposes a method to mine security-sensitive functions the arguments of which need to be checked before they are called. Two argument-checking identification algorithms are proposed based on the analysis of two implementations of argument checking. Based on these algorithms, security-sensitive functions are detected based on the ratio of invocation instances the arguments of which have been protected to the total number of instances. The results of experiments on three well-known open-source projects show that the proposed method can outperform competing methods in the literature.

Keywords


Cite This Article

APA Style
Chen, L., Yang, C., Liu, F., Gong, D., Ding, S. (2018). Automatic mining of security-sensitive functions from source code. Computers, Materials & Continua, 56(2), 199-210. https://doi.org/10.3970/cmc.2018.02574
Vancouver Style
Chen L, Yang C, Liu F, Gong D, Ding S. Automatic mining of security-sensitive functions from source code. Comput Mater Contin. 2018;56(2):199-210 https://doi.org/10.3970/cmc.2018.02574
IEEE Style
L. Chen, C. Yang, F. Liu, D. Gong, and S. Ding "Automatic Mining of Security-Sensitive Functions from Source Code," Comput. Mater. Contin., vol. 56, no. 2, pp. 199-210. 2018. https://doi.org/10.3970/cmc.2018.02574



cc This work is licensed under a Creative Commons Attribution 4.0 International License , which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
  • 2611

    View

  • 1278

    Download

  • 0

    Like

Related articles

Share Link