The Design And Implement Of System Vulnerabilities Detecting Tool Based On Attack Pattern

The requirement of software application on security become higher as the importance of Internet grows. The security software engineering produces some methods and standards to develop security software which need to construct an extendable secure software development environment to provide security support in every phase of the software development. This paper researches the methods and tools of checking software system vulnerabilities in the design and coding phase.We abstract the process of attacking the software into attack patterns and build those attack patterns into various system vulnerability checking models according to their different expressions. And those models are used to perform security checking in design and coding phase. The paper builds an attack pattern base which can be used to be observed by the developers to propagate security knowledge as well as storing the information of attack patterns.The system vulnerability checking tools used in design and coding phase is constructed on the Eclipse as a plug-in. The checking tool used in design phase models the attack pattern into a sequence of system components that appears in an attack. Then it compares the system components information gained by analyzing the class diagram and the model to complete the security checking of the design of class diagram. The checking tool used in coding phase models the attack pattern expressed with finite state automation. Then it models the program into a push down automaton with the program's control flow graph. Finally, model checking is introduced to check those two models and determine whether there are security vulnerabilities according to the checking result.This tool operates well in finding potential security problems in design and coding files and constructing more security software and decreasing the flaws in source code. It also greatly reduces the cost of developing security software.