Quarterly journal published in SPbPU
and edited by prof. Dmitry Zegzhda
Peter the Great St. Petersburg Polytechnic University
Institute of computer sciences and technologies
information security of computer systems
Information Security Problems. Computer Systems
Published since 1999.
ISSN 2071-8217
VULNERABILITY DETECTION IN MULTICOMPONENT SOFTWARE USING A SET OF GENERALIZED CODE GRAPH REPRESENTATIONS
G. S. Kubrin, D. P. Zegzhda Peter the Great St. Petersburg Polytechnic University
Annotation: The paper presents a survey of existing software security analysis method and their ability to detect vulnerabilities caused by errors in several software components implemented in different programming languages. A set of three generalized code graph representations is proposed for implementation of software security analysis methods with consideration for interaction between components written in different programming languages. A software security analysis system architecture and a prototype of a system that uses proposed generalized code graph representation was developed. The prototype supports analysis of software components written in PHP, C and .NET based programming languages
Keywords: software vulnerabilities detection, logical vulnerabilities, static code analysis, graph theory, multicomponent software analysis
Pages 65-75