Many access control patterns, both positive and negative, have been identified in the past. However, there is little research describing how to leverage those patterns for the detection of access control bugs in code....
详细信息
ISBN:
(纸本)9781450356664
Many access control patterns, both positive and negative, have been identified in the past. However, there is little research describing how to leverage those patterns for the detection of access control bugs in code. Many software bug detection models and frameworks for access control exist, however most of these approaches and tools are process-based and suffer from many limitations. We propose a framework to detect access control bugs based on code pattern detection. Our framework will mine and generate bug patterns, detect those patterns in code, and calculate a vulnerability measure of software. Based on our knowledge we are the first pattern-based model for the detection and measurement of bugs in software. As a proof of concept, we perform a case study of the relational database access control pattern "Improper Authorization''.
暂无评论