loading
Papers

Research.Publish.Connect.

Paper

Paper Unlock

Authors: George Stergiopoulos 1 ; Panagiotis Katsaros 2 ; Dimitris Gritzalis 1 and Theodore Apostolopoulos 1

Affiliations: 1 Athens University of Economics and Business (AUEB), Greece ; 2 Aristotle University of Thessaloniki, Greece

ISBN: 978-989-758-196-0

Keyword(s): Code Classification, Logical Errors, Dynamic Invariants, Source Code, Execution Path, Assertions, Vulnerability, Exploit, Automatic, Analysis, Information Gain, Fuzzy Logic.

Related Ontology Subjects/Areas/Topics: Information and Systems Security ; Security Engineering ; Security in Information Systems ; Security Requirements ; Software Security

Abstract: Context: Modern automated source code analysis techniques can be very successful in detecting a priori de- fined defect patterns and security vulnerabilities. Yet, they cannot detect flaws that manifest due to erroneous translation of the software’s functional requirements into the source code. The automated detection of logical errors that are attributed to a faulty implementation of applications’ functionality, is a relatively uncharted territory. In previous research, we proposed a combination of automated analyses for logical error detection. In this paper, we develop a novel business-logic oriented method able to filter mathematical depictions of software logic in order to augment logical error detection, eliminate previous limitations in analysis and provide a formal tested logical error detection classification without subjective discrepancies. As a proof of concept, our method has been implemented in a prototype tool called PLATO that can detect various types of logical errors . Potential logical errors are thus detected that are ranked using a fuzzy logic system with two scales characterizing their impact: (i) a Severity scale, based on the execution paths’ characteristics and Information Gain, (ii) a Reliability scale, based on the measured program’s Computational Density. The method’s effectiveness is shown using diverse experiments. Albeit not without restrictions, the proposed automated analysis seems able to detect a wide variety of logical errors, while at the same time limiting the false positives. (More)

PDF ImageFull Text

Download
CC BY-NC-ND 4.0

Sign In Guest: Register as new SciTePress user now for free.

Sign In SciTePress user: please login.

PDF ImageMy Papers

You are not signed in, therefore limits apply to your IP address 34.204.173.45

In the current month:
Recent papers: 100 available of 100 total
2+ years older papers: 200 available of 200 total

Paper citation in several formats:
Stergiopoulos, G.; Katsaros, P.; Gritzalis, D. and Apostolopoulos, T. (2016). Combining Invariant Violation with Execution Path Classification for Detecting Multiple Types of Logical Errors and Race Conditions.In Proceedings of the 13th International Joint Conference on e-Business and Telecommunications - Volume 4: SECRYPT, (ICETE 2016) ISBN 978-989-758-196-0, pages 28-40. DOI: 10.5220/0005947200280040

@conference{secrypt16,
author={George Stergiopoulos. and Panagiotis Katsaros. and Dimitris Gritzalis. and Theodore Apostolopoulos.},
title={Combining Invariant Violation with Execution Path Classification for Detecting Multiple Types of Logical Errors and Race Conditions},
booktitle={Proceedings of the 13th International Joint Conference on e-Business and Telecommunications - Volume 4: SECRYPT, (ICETE 2016)},
year={2016},
pages={28-40},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005947200280040},
isbn={978-989-758-196-0},
}

TY - CONF

JO - Proceedings of the 13th International Joint Conference on e-Business and Telecommunications - Volume 4: SECRYPT, (ICETE 2016)
TI - Combining Invariant Violation with Execution Path Classification for Detecting Multiple Types of Logical Errors and Race Conditions
SN - 978-989-758-196-0
AU - Stergiopoulos, G.
AU - Katsaros, P.
AU - Gritzalis, D.
AU - Apostolopoulos, T.
PY - 2016
SP - 28
EP - 40
DO - 10.5220/0005947200280040

Login or register to post comments.

Comments on this Paper: Be the first to review this paper.