On building a dynamic security vulnerability detection system using program monitoring technique

• Main Author: Yang, Zhenrong
• Format: Others
• Published: 2008
• Online Access: http://spectrum.library.concordia.ca/976019/1/MR40905.pdf; Yang, Zhenrong <http://spectrum.library.concordia.ca/view/creators/Yang=3AZhenrong=3A=3A.html> (2008) On building a dynamic security vulnerability detection system using program monitoring technique. Masters thesis, Concordia University.

This thesis presents a dynamic security vulnerability detection framework that sets up an infrastructure for automatic security testing of Free and Open Source Software (FOSS) projects. It makes three contributions to the design and implementation of a dynamic vulnerability detection system. Firstly, a mathematical model called Team Edit Automata is defined and implemented for security property specification. Secondly, an automatic code instrumentation tool is designed and implemented by extending the GNU Compiler Collection (GCC). The extension facilitates seamless integration of code instrumentation into FOSS projects' existing build system. Thirdly, a dynamic vulnerability detection system is prototyped to integrate the aforementioned two techniques. Experiments with the system are elaborated to automatically build, execute, and detect vulnerabilities of FOSS projects. Overall, this research demonstrates that monitoring program with Team Edit Automata can effectively detect security property violation.