TY  - EJOU
AU  - Chen, Lin  
AU  - Yang, Chunfang  
AU  - Liu, Fenlin  
AU  - Gong, Daofu  
AU  - Ding, Shichang  

TI  - Automatic Mining of Security-Sensitive Functions from Source Code
T2  - Computers, Materials \& Continua

PY  - 2018
VL  - 56
IS  - 2
SN  - 1546-2226

AB  - When dealing with the large-scale program, many automatic vulnerability mining techniques encounter such problems as path explosion, state explosion, and low efficiency. Decomposition of large-scale programs based on safety-sensitive functions helps solve the above problems. And manual identification of security-sensitive functions is a tedious task, especially for the large-scale program. This study proposes a method to mine security-sensitive functions the arguments of which need to be checked before they are called. Two argument-checking identification algorithms are proposed based on the analysis of two implementations of argument checking. Based on these algorithms, security-sensitive functions are detected based on the ratio of invocation instances the arguments of which have been protected to the total number of instances. The results of experiments on three well-known open-source projects show that the proposed method can outperform competing methods in the literature.
KW  - Code mining
KW  -  vulnerabilities
KW  -  static analysis
KW  -  security-sensitive function
KW  -  source code

DO  - 10.3970/cmc.2018.02574