OAI-PMH response date: 2024-03-29T01:37:31Z
Request: https://ipsj.ixsq.nii.ac.jp/ej/?action=repository_oaipmh
Identifier: oai:ipsj.ixsq.nii.ac.jp:00212695
Datestamp: 2023-11-14T00:51:14Z
Set: 06164:06165:06522:10650

Title: A Framework for Automatic Detection of Vulnerabilities in Human-Machine Pair Programming
Language: eng
Subject: Safety and Security
URI: http://id.nii.ac.jp/1001/00212589/
Type: Conference Paper
Download: https://ipsj.ixsq.nii.ac.jp/ej/?action=repository_action_common_download&item_id=212695&item_no=1&attribute_id=1&file_no=1
Rights: Copyright (c) 2021 by the Information Processing Society of Japan
Affiliation: Hiroshima University
Authors: Pingyan, Wang; Shaoying, Liu; Ai, Liu

Abstract: In order to mitigate the severe consequences of security threats, many software-based systems are endeavoring to detect security vulnerabilities as early as possible in the software life cycle. In this paper, we present a framework for systematically detecting and mitigating potential security vulnerabilities during the construction of programs using a particular programming paradigm known as Human-Machine Pair Programming. The framework allows developers to address the vulnerability problem in the coding phase rather than fix it at a high price when the system is in operation. Our framework advocates three critical steps: (1) generate an attack tree to model a specific security threat, (2) construct code-matching patterns based on the result of the attack tree analysis, and (3) detect corresponding vulnerable code based on the patterns during the program construction. We also present a case study to demonstrate how it works in practice.

Source: Proceedings of the Software Engineering Symposium 2021 (ソフトウェアエンジニアリングシンポジウム2021論文集), vol. 2021, pp. 129-136
Dates: 2021-08-30, 2021-08-26