%0 Conference Proceedings
%T Using testing techniques for vulnerability detection in C programs
%+ Méthodes et modèles pour les réseaux (METHODES-SAMOVAR)
%+ Département Logiciels et Réseaux (LOR)
%+ Services répartis, Architectures, MOdélisation, Validation, Administration des Réseaux (SAMOVAR)
%+ Centre National de la Recherche Scientifique (CNRS)
%+ Montimage (EURL) [Paris]
%A Mammar, Amel
%A Cavalli, Ana Rosa
%A Jimenez Freitez, Willy Ronald
%A Mallouli, Wissam
%A Montes de Oca, Edgardo
%< avec comité de lecture
%Z 11502
%( Lecture Notes in Computer Science
%B 23th International Conference on Testing Software and Systems (ICTSS)
%C Paris, France
%Y Burkhartt Wolff
%Y Fatiha Zaïdi
%I Springer
%3 Testing Software and Systems
%V LNCS-7019
%P 80-96
%8 2011-11-07
%D 2011
%R 10.1007/978-3-642-24580-0_7
%K Dynamic code analysis
%K Vulnerabilities detection
%K Passive testing
%Z Computer Science [cs]/Software Engineering [cs.SE]Conference papers
%X This paper presents a technique for vulnerability detection in C programs. It is based on a vulnerability formal model called "Vulnerability Detection Conditions" (VDCs). This model is used together with passive testing techniques for the automatic detection of vulnerabilities. The proposed technique has been implemented in a dynamic code analysis tool, TestInv-Code, which detects the presence of vulnerabilities on a given code, by checking dynamically the VDCs on the execution traces of the given program. The tool has been applied to several C applications containing some well known vulnerabilities to illustrate its effectiveness. It has also been compared with existing tools in the market, showing promising performances.
%G English
%Z TC 6
%Z WG 6.1
%2 https://hal.science/hal-01303013/document
%2 https://hal.science/hal-01303013/file/978-3-642-24580-0_7_Chapter.pdf
%L hal-01303013
%U https://hal.science/hal-01303013
%~ INSTITUT-TELECOM
%~ CNRS
%~ TELECOM-SUDPARIS
%~ IFIP-LNCS
%~ IFIP
%~ IFIP-TC
%~ IFIP-WG
%~ IFIP-TC6
%~ IFIP-WG6-1
%~ IFIP-ICTSS
%~ IFIP-LNCS-7019
%~ INSTITUTS-TELECOM
%~ TSP-DISSEM
%~ TSP-DIEGO