Combining Invariant Violation with Execution Path Classification for Detecting Multiple Types of Logical Errors and Race Conditions

George Stergiopoulos; Panagiotis Katsaros; Dimitris Gritzalis; Theodore Apostolopoulos

Research.Publish.Connect.

*Please fill out at least one Field. *Value must be an number!

Title:
ISBN:
Year:
Acronym:
Subject:

Advanced Search Proceedings Search

If you're looking for an exact phrase use quotation marks on text fields.

*Please fill out at least one Field.

Title:
Author:
Affiliation:
Subject:

Advanced Search Papers Search

If you're looking for an exact phrase use quotation marks on text fields.

*Please fill out at least one Field.

Name:
Affiliation:
Country:
Conference:
Subject:

Advanced Search Authors Search

If you're looking for an exact phrase use quotation marks on text fields.

*Please fill out at least one Field.

Name:
Country:
Subject:

Advanced Search Affiliations Search

If you're looking for an exact phrase use quotation marks on text fields.

Proceedings

Proceedings Search *Please fill out at least one Field. *Value must be an number!

Title:
ISBN:
Year:
Acronym:
Subject:

Advanced Search Proceedings Search

If you're looking for an exact phrase use quotation marks on text fields.

Papers

Papers Search *Please fill out at least one Field.

Title:
Author:
Affiliation:
Subject:

Advanced Search Papers Search

If you're looking for an exact phrase use quotation marks on text fields.

Authors

Authors Search *Please fill out at least one Field.

Name:
Affiliation:
Country:
Conference:
Subject:

Advanced Search Authors Search

If you're looking for an exact phrase use quotation marks on text fields.

Advanced Search

Paper

Combining Invariant Violation with Execution Path Classification for Detecting Multiple Types of Logical Errors and Race Conditions

Topics: Security Engineering; Security Requirements; Software Security

In Proceedings of the 13th International Joint Conference on e-Business and Telecommunications - Volume 0ICETE, 28-40, 2016 , Lisbon, Portugal

Authors: George Stergiopoulos ¹ ; Panagiotis Katsaros ² ; Dimitris Gritzalis ¹ and Theodore Apostolopoulos ¹

Affiliations: ¹ Athens University of Economics and Business (AUEB), Greece ; ² Aristotle University of Thessaloniki, Greece

Keyword(s): Code Classification, Logical Errors, Dynamic Invariants, Source Code, Execution Path, Assertions, Vulnerability, Exploit, Automatic, Analysis, Information Gain, Fuzzy Logic.

Related Ontology Subjects/Areas/Topics: Information and Systems Security ; Security Engineering ; Security in Information Systems ; Security Requirements ; Software Security

Abstract: Context: Modern automated source code analysis techniques can be very successful in detecting a priori de- fined defect patterns and security vulnerabilities. Yet, they cannot detect flaws that manifest due to erroneous translation of the software’s functional requirements into the source code. The automated detection of logical errors that are attributed to a faulty implementation of applications’ functionality, is a relatively uncharted territory. In previous research, we proposed a combination of automated analyses for logical error detection. In this paper, we develop a novel business-logic oriented method able to filter mathematical depictions of software logic in order to augment logical error detection, eliminate previous limitations in analysis and provide a formal tested logical error detection classification without subjective discrepancies. As a proof of concept, our method has been implemented in a prototype tool called PLATO that can detect various types of logical error s. Potential logical errors are thus detected that are ranked using a fuzzy logic system with two scales characterizing their impact: (i) a Severity scale, based on the execution paths’ characteristics and Information Gain, (ii) a Reliability scale, based on the measured program’s Computational Density. The method’s effectiveness is shown using diverse experiments. Albeit not without restrictions, the proposed automated analysis seems able to detect a wide variety of logical errors, while at the same time limiting the false positives. (More)

CC BY-NC-ND 4.0

Guest: Register as new SciTePress user now for free.

SciTePress user: please login.

My Papers

You are not signed in, therefore limits apply to your IP address 3.142.200.102

In the current month:

Recent papers: 100 available of 100 total

2⁺ years older papers: 200 available of 200 total

Paper citation in several formats:

Stergiopoulos, G.; Katsaros, P.; Gritzalis, D. and Apostolopoulos, T. (2016). Combining Invariant Violation with Execution Path Classification for Detecting Multiple Types of Logical Errors and Race Conditions. In Proceedings of the 13th International Joint Conference on e-Business and Telecommunications (ICETE 2016) - SECRYPT; ISBN 978-989-758-196-0; ISSN 2184-3236, SciTePress, pages 28-40. DOI: 10.5220/0005947200280040

@conference{secrypt16,
author={George Stergiopoulos. and Panagiotis Katsaros. and Dimitris Gritzalis. and Theodore Apostolopoulos.},
title={Combining Invariant Violation with Execution Path Classification for Detecting Multiple Types of Logical Errors and Race Conditions},
booktitle={Proceedings of the 13th International Joint Conference on e-Business and Telecommunications (ICETE 2016) - SECRYPT},
year={2016},
pages={28-40},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005947200280040},
isbn={978-989-758-196-0},
issn={2184-3236},
}

TY - CONF

JO - Proceedings of the 13th International Joint Conference on e-Business and Telecommunications (ICETE 2016) - SECRYPT
TI - Combining Invariant Violation with Execution Path Classification for Detecting Multiple Types of Logical Errors and Race Conditions
SN - 978-989-758-196-0
IS - 2184-3236
AU - Stergiopoulos, G.
AU - Katsaros, P.
AU - Gritzalis, D.
AU - Apostolopoulos, T.
PY - 2016
SP - 28
EP - 40
DO - 10.5220/0005947200280040
PB - SciTePress