Research On Software Security Assessment Methods Based On Static Analysis

Posted on: 2016-08-12
Degree: Master
Type: Thesis
Country: China
Candidate: X C Cao
GTID: 2348330479453400
Subject: Computer software and theory
Abstract/Summary:
Two issues need to be addressed in software security: detecting software vulnerabilities and assessing their hazard degree. Vulnerability detection techniques mainly comprise static analysis and dynamic analysis. Compared with dynamic analysis, static analysis has higher efficiency and a lower false negative rate. However, most existing static vulnerability detection tools are aimed at one particular type of vulnerability and cannot flexibly detect emerging vulnerabilities. Hazard degree assessment methods can be divided into three types: qualitative assessment, quantitative assessment, and a combination of the two. There are many mature, standardized assessment systems at present, but most of them assess only a single vulnerability and cannot take into account the impact of multi-step attacks.

Software security assessment can be divided into two steps: software vulnerability detection and system assessment. The vulnerability detection method is based on pattern matching. First, the system parses the source code of the program under test and converts it to an intermediate representation, a set of custom data structures stored in memory. Second, users describe security vulnerabilities in the Security Rule Description Language, and the system parses these security rules and converts them into a corresponding automaton model. Finally, the intermediate representation of the source code is compared with the parsed security rules by pattern matching. The automaton state changes as a result, and the system submits bug reports to users according to the automaton state.
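The rule-to-automaton matching described above, as an added example that is not code from the thesis. The rule format, the `Stmt` IR type, the `match` function and the sample program are all assumptions made for illustration; the thesis's Security Rule Description Language is not shown on this page.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Stmt:  # one statement of a hypothetical IR (not the thesis's own)
    line: int
    op: str
    var: str

# Hypothetical rule, already parsed into an automaton: (state, op) -> next state.
HEAP_RULE = {
    "start": "unallocated",
    "transitions": {
        ("unallocated", "malloc"): "allocated",
        ("allocated", "free"): "freed",
        ("freed", "malloc"): "allocated",
        ("freed", "free"): "double-free",
        ("freed", "use"): "use-after-free",
    },
    "errors": {"double-free", "use-after-free"},
    "at_exit": {"allocated": "memory-leak"},  # states that are bugs at program end
}

def match(rule, ir):
    """Run one automaton instance per variable over the IR; return bug reports."""
    state, last, reports = {}, {}, []
    for s in ir:
        cur = state.get(s.var, rule["start"])
        nxt = rule["transitions"].get((cur, s.op))
        if nxt is None:
            continue  # statement is irrelevant in this state: no transition
        if nxt in rule["errors"]:
            reports.append((s.line, s.var, nxt))
            continue  # report, but keep the variable in its current state
        state[s.var], last[s.var] = nxt, s.line
    for var, cur in state.items():  # end of program: check leftover states
        if cur in rule["at_exit"]:
            reports.append((last[var], var, rule["at_exit"][cur]))
    return reports

# Constructed sample IR for a program that misuses "buf" and never frees "tmp".
SAMPLE_IR = [
    Stmt(3, "malloc", "buf"), Stmt(4, "malloc", "tmp"),
    Stmt(6, "use", "buf"), Stmt(8, "free", "buf"),
    Stmt(9, "use", "buf"), Stmt(11, "free", "buf"),
]

if __name__ == "__main__":
    for report in match(HEAP_RULE, SAMPLE_IR):
        print(report)
```

Adding a new vulnerability class in this sketch means adding a new rule dictionary, not changing `match`.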
Taking into account the potential harm to the system caused by the joint use of multiple vulnerabilities, we put forward the concept of the relevance vulnerability. First, the system extracts the relevance features from the relevance vulnerability pattern library. Then it scans the list of vulnerability reports and stores the vulnerabilities that match a particular relevance vulnerability pattern together as a set in the relevance vulnerability list. By repeatedly scanning the list of vulnerability reports, the list can be divided into multiple relevance vulnerability sets and one non-relevance vulnerability set. Finally, the system calculates the weight factor of each relevance vulnerability with the support of CVSS, and then makes a comprehensive assessment of the system based on the weight factors and the division of the vulnerability report list.

The experimental results show that the Security Rule Description Language can describe various forms of vulnerabilities, and that it has a low omission rate, good scalability, and low time consumption. Meanwhile, the software security assessment does better than assessment tools of the same type in assessing multi-step attacks.
Keywords/Search Tags: Vulnerability Detection, Pattern Matching, Static Analysis, Quantitative Assessment, Relevance Vulnerability