Open Access

ARTICLE

SMINER: Detecting Unrestricted and Misimplemented Behaviors of Software Systems Based on Unit Test Cases

Kyungmin Sim, Jeong Hyun Yi, Haehyun Cho*

School of Software, Soongsil University, Seoul, 06978, Korea

* Corresponding Author: Haehyun Cho.

Computers, Materials & Continua 2023, 75(2), 3257-3274. https://doi.org/10.32604/cmc.2023.036695

Abstract

Despite advances in automated vulnerability detection approaches, security vulnerabilities caused by design flaws in software systems continue to appear in real-world systems. Such security design flaws can introduce unrestricted and misimplemented behaviors into a system and can lead to fatal vulnerabilities such as remote code execution or sensitive data leakage. Discovering the unrestricted and misimplemented behaviors of a system is therefore an essential task. However, it is daunting for security experts to discover such vulnerabilities in advance, because analyzing the whole code in detail is time-consuming and error-prone. In addition, most existing vulnerability detection approaches still focus on detecting memory corruption bugs, because these bugs are the dominant root cause of software vulnerabilities. This paper proposes SMINER, a novel approach that discovers vulnerabilities caused by unrestricted and misimplemented behaviors. SMINER first collects unit test cases for the target system from the official repository. Next, it preprocesses the collected code fragments. SMINER then uses the preprocessed data to show the security policies that can occur on the target system and creates a test case for security policy testing. To demonstrate the effectiveness of SMINER, this paper evaluates SMINER against Robot Operating System (ROS), a real-world system used for intelligent robots at Amazon and for controlling satellites at the National Aeronautics and Space Administration (NASA). From the evaluation, we discovered two real-world vulnerabilities in ROS.

Cite This Article

K. Sim, J. H. Yi and H. Cho, "Sminer: detecting unrestricted and misimplemented behaviors of software systems based on unit test cases," Computers, Materials & Continua, vol. 75, no. 2, pp. 3257–3274, 2023. https://doi.org/10.32604/cmc.2023.036695



This work is licensed under a Creative Commons Attribution 4.0 International License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.