Item type | Symposium(1) |
Publication date | 2021-08-30 |
Title | A Framework for Automatic Detection of Vulnerabilities in Human-Machine Pair Programming |
Title language | en |
Language | eng |
Keyword: subject scheme | Other |
Keyword: subject | Safety and Security |
Resource type identifier | http://purl.org/coar/resource_type/c_5794 |
Resource type | conference paper |
Author affiliation | Hiroshima University |
Author affiliation | Hiroshima University |
Author affiliation | Hiroshima University |
Author names | Pingyan, Wang; Shaoying, Liu; Ai, Liu |
Abstract |
Description type | Other |
Description |
In order to mitigate the severe consequences of security threats, many software-based systems are endeavoring to detect security vulnerabilities as early as possible in the software life cycle. In this paper, we present a framework for systematically detecting and mitigating potential security vulnerabilities during the construction of programs using a particular programming paradigm known as Human-Machine Pair Programming. The framework allows developers to address the vulnerability problem in the coding phase rather than fix it at a high price when the system is in operation. Our framework advocates three critical steps: (1) generate an attack tree to model a specific security threat, (2) construct code-matching patterns based on the result of the attack tree analysis, and (3) detect corresponding vulnerable code based on the patterns during the program construction. We also present a case study to demonstrate how it works in practice. |
Bibliographic information | ソフトウェアエンジニアリングシンポジウム2021論文集, Vol. 2021, p. 129-136, issue date 2021-08-30 |
Publisher language | ja |
Publisher | 情報処理学会 (Information Processing Society of Japan) |