TWC: Small: Detection and Prevention of Prior Known Software Security Vulnerabilities

TWC：小：检测和预防先前已知的软件安全漏洞

• 批准号: 1723198
• 负责人: Tien Nguyen
• 金额: $ 28.67万
• 依托单位: University of Texas at Dallas
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2016
• 资助国家: 美国
• 起止时间: 2016-07-01 至 2018-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1723198&HistoricalAwards=false
• 关键词: TWC; Small; Detection; Prevention; Prior

Software is a critical element in a wide range of real-world applications. Attacks against computer software can cause substantial damage to the cyber-infrastructure of our modern society and economy. In fact, many new software security vulnerabilities are discovered on a daily basis. Therefore, it is vital to identify and resolve those security issues as early as possible. This research aims to investigate a scientific foundation and a novel methodology for automated detection, prevention, and resolution of prior-known software security vulnerabilities in software systems. The results will help to detect and prevent prior-known security vulnerabilities from recurring in other software systems. In this research, the key philosophy is that the software systems having the same/similar software security vulnerabilities share the protocols, algorithms, procedures, libraries, frameworks, modules, or source code with the same flaws, and they suffer the same/similar exploitation mechanisms. Based on that, empirical studies are conducted to investigate the nature and the characteristics of recurring software vulnerabilities in different software systems, and to validate that hypothesis. Based on the knowledge gained from the studies, new vulnerability models, representations, and similarity measurements are developed to capture recurring software security vulnerabilities, and the corresponding vulnerable code and exploitation mechanisms. Novel algorithms and techniques are designed to (semi-)automatically build graph-based vulnerability models from vulnerability reports and from vulnerable code and patches, aiming to construct a database of prior-known vulnerabilities. A new methodology is developed to help to identify the prior-known vulnerabilities in other systems and to suggest the resolution. Specifically, the automated methods and advances include 1) an algorithm to compare and match against vulnerability models in the database, 2) a technique to map software concepts between security reports and from a report to the corresponding source code fragments, modules, or components; 3) an algorithm to determine the modules and source file locations in the new system that correspond to the vulnerable modules and locations in a system with a prior-known vulnerability; and 4) a technique to suggest the patch to the new system from the prior fixes. In brief, the results of this research help to resolve early software security vulnerabilities. They will lead to more reliable software because the process of detecting and patching for recurring security vulnerabilities will be more efficient and effective.

软件是各种实际应用中的关键要素。针对计算机软件的攻击可能会对现代社会和经济的网络基础设施造成重大损害。事实上，每天都会发现许多新的软件安全漏洞。因此，尽早识别并解决这些安全问题至关重要。本研究旨在研究自动检测、预防和解决软件系统中已知软件安全漏洞的科学基础和新颖方法。结果将有助于检测并防止先前已知的安全漏洞在其他软件系统中再次出现。在这项研究中，关键理念是具有相同/相似软件安全漏洞的软件系统共享具有相同缺陷的协议、算法、程序、库、框架、模块或源代码，并且它们遭受相同/相似的利用机制。在此基础上，进行实证研究，调查不同软件系统中重复出现的软件漏洞的性质和特征，并验证该假设。基于从研究中获得的知识，开发了新的漏洞模型、表示和相似性测量，以捕获重复出现的软件安全漏洞以及相应的易受攻击的代码和利用机制。新颖的算法和技术旨在从漏洞报告以及易受攻击的代码和补丁（半）自动构建基于图形的漏洞模型，旨在构建先前已知漏洞的数据库。开发了一种新的方法来帮助识别其他系统中先前已知的漏洞并提出解决方案。具体来说，自动化方法和进步包括1）一种与数据库中的漏洞模型进行比较和匹配的算法，2）一种在安全报告之间映射软件概念以及从报告到相应的源代码片段、模块或组件的技术； 3) 确定新系统中与具有先前已知漏洞的系统中的易受攻击模块和位置相对应的模块和源文件位置的算法； 4) 一种根据先前的修复建议对新系统进行补丁的技术。简而言之，这项研究的结果有助于解决早期的软件安全漏洞。它们将带来更可靠的软件，因为检测和修补重复出现的安全漏洞的过程将更加高效和有效。