TWC: Small: Detection and Prevention of Prior Known Software Security Vulnerabilities

TWC：小：检测和预防先前已知的软件安全漏洞

• 批准号: 1723198
• 负责人: Tien Nguyen
• 金额: $ 28.67万
• 依托单位: University of Texas at Dallas
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2016
• 资助国家: 美国
• 起止时间: 2016-07-01 至 2018-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1723198&HistoricalAwards=false
• 关键词: TWC; Small; Detection; Prevention; Prior

Software is a critical element in a wide range of real-world applications. Attacks against computer software can cause substantial damage to the cyber-infrastructure of our modern society and economy. In fact, many new software security vulnerabilities are discovered on a daily basis. Therefore, it is vital to identify and resolve those security issues as early as possible. This research aims to investigate a scientific foundation and a novel methodology for automated detection, prevention, and resolution of prior-known software security vulnerabilities in software systems. The results will help to detect and prevent prior-known security vulnerabilities from recurring in other software systems. In this research, the key philosophy is that the software systems having the same/similar software security vulnerabilities share the protocols, algorithms, procedures, libraries, frameworks, modules, or source code with the same flaws, and they suffer the same/similar exploitation mechanisms. Based on that, empirical studies are conducted to investigate the nature and the characteristics of recurring software vulnerabilities in different software systems, and to validate that hypothesis. Based on the knowledge gained from the studies, new vulnerability models, representations, and similarity measurements are developed to capture recurring software security vulnerabilities, and the corresponding vulnerable code and exploitation mechanisms. Novel algorithms and techniques are designed to (semi-)automatically build graph-based vulnerability models from vulnerability reports and from vulnerable code and patches, aiming to construct a database of prior-known vulnerabilities. A new methodology is developed to help to identify the prior-known vulnerabilities in other systems and to suggest the resolution. Specifically, the automated methods and advances include 1) an algorithm to compare and match against vulnerability models in the database, 2) a technique to map software concepts between security reports and from a report to the corresponding source code fragments, modules, or components; 3) an algorithm to determine the modules and source file locations in the new system that correspond to the vulnerable modules and locations in a system with a prior-known vulnerability; and 4) a technique to suggest the patch to the new system from the prior fixes. In brief, the results of this research help to resolve early software security vulnerabilities. They will lead to more reliable software because the process of detecting and patching for recurring security vulnerabilities will be more efficient and effective.

软件是广泛的现实应用程序中的关键要素。针对计算机软件的攻击可能会对我们现代社会和经济的网络基础设施造成重大损害。实际上，每天都会发现许多新的软件安全漏洞。因此，至关重要的是尽早确定和解决这些安全问题。这项研究旨在调查科学基础和一种新颖的方法，用于自动检测，预防和解决软件系统中已知的软件安全漏洞的方法。结果将有助于检测和防止在其他软件系统中重复出现先前已知的安全漏洞。在这项研究中，关键理念是，具有相同/相似的软件安全漏洞的软件系统共享协议，算法，过程，库，框架，模块，模块或源代码具有相同的缺陷，并且它们具有相同/相似的利用机制。基于此，进行了经验研究，以研究不同软件系统中重复的软件漏洞的性质和特征，并验证该假设。基于从研究中获得的知识，开发了新的漏洞模型，表示和相似性测量，以捕获经常性的软件安全漏洞以及相应的脆弱代码和剥削机制。新颖的算法和技术旨在（半）自动从漏洞报告以及脆弱的代码和补丁中自动构建基于图形的漏洞模型，旨在构建先前已知漏洞的数据库。开发了一种新的方法来帮助识别其他系统中的先前已知漏洞并提出解决方案。具体而言，自动化方法和进步包括1）一种算法，以比较和与数据库中的漏洞模型进行比较和匹配，2）一种在安全报告和从报告到相应的源代码片段，模块，模块或组件之间映射软件概念的技术； 3）一种算法，用于确定与具有先验漏洞的系统中易受攻击的模块和位置相对应的新系统中的模块和源文件位置； 4）一种从先前修复程序中建议新系统的补丁的技术。简而言之，这项研究的结果有助于解决早期的软件安全漏洞。它们将导致更可靠的软件，因为检测和修补重复安全漏洞的过程将更加有效。