A novel approach for software vulnerability classification

Publication, Conference
Li, X; Chang, X; Board, JA; Trivedi, KS
Published in: Proceedings - Annual Reliability and Maintainability Symposium
March 29, 2017

Software vulnerability analysis plays a critical role in the prevention and mitigation of software security attacks, and vulnerability classification constitutes a key part of this analysis. This paper proposes a new approach for software vulnerability classification, based on vulnerability characteristics including accumulation of errors or resource consumption, strict timing requirements, and complex interactions between the environment and the software. We also present seven attack patterns and explore the mapping between vulnerability types and attack patterns. The proposed methods are used to analyze the vulnerabilities and the corresponding attacks reported by Google Project Zero. Examples of applying our classification approach to specific vulnerabilities are presented, together with a statistical analysis of the occurrence of the different types of vulnerabilities. These results give a better understanding of software vulnerabilities and how they can be exploited, leading in the future to strategies that better equip programmers to avoid introducing them, and also helping to formulate effective countermeasures. We make three observations regarding software vulnerability classification: 1) Mandel vulnerabilities, especially NMVs (Non-Aging-related Mandel Vulnerabilities), account for the largest share of all classified vulnerabilities. 2) Fixing NMVs takes more time and more complex strategies. 3) The major goal of attackers is elevation of privilege on the target system. The main cause of vulnerabilities is improper validation mechanisms.

Published In

Proceedings - Annual Reliability and Maintainability Symposium

DOI

10.1109/RAM.2017.7889792

ISSN

0149-144X

ISBN

9781509052844

Publication Date

March 29, 2017
Citation

APA: Li, X., Chang, X., Board, J. A., & Trivedi, K. S. (2017). A novel approach for software vulnerability classification. In Proceedings - Annual Reliability and Maintainability Symposium. https://doi.org/10.1109/RAM.2017.7889792

Chicago: Li, X., X. Chang, J. A. Board, and K. S. Trivedi. "A novel approach for software vulnerability classification." In Proceedings - Annual Reliability and Maintainability Symposium, 2017. https://doi.org/10.1109/RAM.2017.7889792.

ICMJE: Li X, Chang X, Board JA, Trivedi KS. A novel approach for software vulnerability classification. In: Proceedings - Annual Reliability and Maintainability Symposium. 2017.

MLA: Li, X., et al. "A novel approach for software vulnerability classification." Proceedings - Annual Reliability and Maintainability Symposium, 2017. Scopus, doi:10.1109/RAM.2017.7889792.

NLM: Li X, Chang X, Board JA, Trivedi KS. A novel approach for software vulnerability classification. Proceedings - Annual Reliability and Maintainability Symposium. 2017.
