Open Access iconOpen Access

ARTICLE

crossmark

SMINER: Detecting Unrestricted and Misimplemented Behaviors of Software Systems Based on Unit Test Cases

by Kyungmin Sim, Jeong Hyun Yi, Haehyun Cho*

School of Software, Soongsil University, Seoul, 06978, Korea

* Corresponding Author: Haehyun Cho. Email: email

Computers, Materials & Continua 2023, 75(2), 3257-3274. https://doi.org/10.32604/cmc.2023.036695

Abstract

Despite the advances in automated vulnerability detection approaches, security vulnerabilities caused by design flaws in software systems are continuously appearing in real-world systems. Such security design flaws can bring unrestricted and misimplemented behaviors of a system and can lead to fatal vulnerabilities such as remote code execution or sensitive data leakage. Therefore, it is an essential task to discover unrestricted and misimplemented behaviors of a system. However, it is a daunting task for security experts to discover such vulnerabilities in advance because it is time-consuming and error-prone to analyze the whole code in detail. Also, most of the existing vulnerability detection approaches still focus on detecting memory corruption bugs because these bugs are the dominant root cause of software vulnerabilities. This paper proposes SMINER, a novel approach that discovers vulnerabilities caused by unrestricted and misimplemented behaviors. SMINER first collects unit test cases for the target system from the official repository. Next, preprocess the collected code fragments. SMINER uses pre-processed data to show the security policies that can occur on the target system and creates a test case for security policy testing. To demonstrate the effectiveness of SMINER, this paper evaluates SMINER against Robot Operating System (ROS), a real-world system used for intelligent robots in Amazon and controlling satellites in National Aeronautics and Space Administration (NASA). From the evaluation, we discovered two real-world vulnerabilities in ROS.

Keywords


Cite This Article

APA Style
Sim, K., Yi, J.H., Cho, H. (2023). SMINER: detecting unrestricted and misimplemented behaviors of software systems based on unit test cases. Computers, Materials & Continua, 75(2), 3257-3274. https://doi.org/10.32604/cmc.2023.036695
Vancouver Style
Sim K, Yi JH, Cho H. SMINER: detecting unrestricted and misimplemented behaviors of software systems based on unit test cases. Comput Mater Contin. 2023;75(2):3257-3274 https://doi.org/10.32604/cmc.2023.036695
IEEE Style
K. Sim, J. H. Yi, and H. Cho, “SMINER: Detecting Unrestricted and Misimplemented Behaviors of Software Systems Based on Unit Test Cases,” Comput. Mater. Contin., vol. 75, no. 2, pp. 3257-3274, 2023. https://doi.org/10.32604/cmc.2023.036695



cc Copyright © 2023 The Author(s). Published by Tech Science Press.
This work is licensed under a Creative Commons Attribution 4.0 International License , which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
  • 890

    View

  • 585

    Download

  • 0

    Like

Share Link