Skip to Main Content

IEEE.org| IEEE Xplore Digital Library| IEEE Standards| IEEE Spectrum| More Sites

Cart (Loading....) | Create Account | Sign In

Author Search^beta | Advanced Search | Preferences | | More Search Options

Browse Conference Publications > Software Engineering (WCSE), ...

Research on XML Based Static Software Security Analysis

Full Text Sign-In or Purchase

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Username

Password

Purchase PDF
Other Formats

Formats	Non-Member	Member
PDF	$31	$13

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

Already Purchased? View Article
Subscription Options Learn More

5 Author(s)

Hongbo Zheng ; Sch. of Software, Dalian Univ. of Technol., Dalian, China ; Kuanjiu Zhou ; Xiaochen Lai ; Chunyan Liu
more authors

Fatal security vulnerabilities are caused by undefined behaviors of C/C++ language used in Safety-Critical software design. Software static analysis is an important technique for identifying security vulnerabilities from software code and structure. The method of static analysis based on XML intermediate model is proposed in term of safety rules. The source code is interpreted as XML intermediate model, while safety rules are translated into vulnerabilities pattern, and Xquery expression is used to locate security vulnerabilities by this method. The experimental result of a prototype system based on this method shows that this method can effectively detect the software vulnerabilities in violation of safety rules and has the advantage of supporting customization of safety rules.

Published in:
Software Engineering (WCSE), 2010 Second World Congress on (Volume:2 )

Date of Conference: 19-20 Dec. 2010

Page(s):: 141 - 144
Print ISBN:: 978-1-4244-9287-9
INSPEC Accession Number:: 11836809

Conference Location :: Wuhan
Digital Object Identifier :: 10.1109/WCSE.2010.68
Product Type:: Conference Publications

Author(s)

Hongbo Zheng
Sch. of Software, Dalian Univ. of Technol., Dalian, China
Kuanjiu Zhou ; Xiaochen Lai ; Chunyan Liu ; Zongzheng Chi

INSPEC: CONTROLLED INDEXING

C++ language

XML

program testing

safety-critical software

security of data

INSPEC: NON CONTROLLED INDEXING

C language

C++ language

XML intermediate model

Xquery expression

fatal security vulnerability

safety rule

safety-critical software design

software code

software structure

software vulnerabilities pattern

source code

static software security analysis

AUTHOR KEYWORDS

XML

Xquery

safety rules

static analysis

vulnerabilitiespattern

IEEE TERMS

Data models

Programming

Prototypes

Safety

Security

Software

XML

Referenced Items are not available for this document.

No versions found for this document.

Standards Dictionary Terms are available to subscribers only.

| Create Account

IEEE Account

Purchase Details

Profile Information

Need Help?

US & Canada: +1 800 678 4333
Worldwide: +1 732 981 0060
Contact & Support

IEEE Advancing Technology for Humanity

About IEEE Xplore | Contact | Help | Terms of Use | Nondiscrimination Policy | Site Map | Privacy & Opting Out of Cookies

A not-for-profit organization, IEEE is the world's largest professional association for the advancement of technology.
© Copyright 2013 IEEE - All rights reserved. Use of this web site signifies your agreement to the terms and conditions.