一种漏洞代码语义描述语言的设计与实现. (Chinese)

  • Additional Information
    • Alternate Title:
      Design and implementation of vulnerability code semantic description language. (English)
    • Abstract:
      To solve the shortcomings of the current general description language of security vulnerability source code, a formal vulnerability code semantic description language (VCSDL) was proposed and implemented based on eXtensible markup language (XML). From the perspective of vulnerability code, the unified security vulnerability code description language was defined based on the traditional security vulnerability description method to convert the unstructured vulnerability source code into a structured XML file. The application of VCSDL was discussed, and the description and release of VCSDL were elaborated with the vulnerability code in the Juliet vulnerability suite as an example. The performance of VCSDL was compared with the other description languages. The results show that VCSDL has good universality and comprehensiveness with high structure, and especially has an advantage in describing the vulnerability code attributes. VCSDL can improve the efficiencies of collection, integration and analysis of security vulnerability information. The unified model can be provided by VCSDL for exchanging information between different security tools and security vulnerability data sources, and the exchange of security vulnerability information between different security tools is facilitated. [ABSTRACT FROM AUTHOR]
    • Abstract:
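      To address the lack of research on general description languages for security vulnerability source code, a formal vulnerability code semantic description language, VCSDL (vulnerability code semantic description language), is proposed based on XML (eXtensible markup language). Building on traditional security vulnerability description methods and starting from the perspective of vulnerability code, this language defines a unified security vulnerability code description language used to convert unstructured vulnerability source code into structured XML files. The application of VCSDL is discussed, and the description and release of VCSDL are elaborated in detail using vulnerability code from the Juliet vulnerability suite as a case study. Its performance is also compared with that of other description languages. The results show that VCSDL has the advantages of generality, comprehensiveness and a high degree of structure, and is especially strong in describing vulnerability code attributes. VCSDL can also improve the efficiency of collecting and integrating security vulnerability information and of vulnerability analysis, provides a unified model for exchanging information between different security tools and security vulnerability data sources, and facilitates the exchange of security vulnerability information between different security tools. [ABSTRACT FROM AUTHOR]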
    • Abstract:
      Copyright of Journal of Jiangsu University (Natural Science Edition) / Jiangsu Daxue Xuebao (Ziran Kexue Ban) is the property of Editorial Department of Journal of Jiangsu University (Natural Science Edition) and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)