A secure-coding and vulnerability check system based on smart-fuzzing and exploit

摘要

Due to recent development in the IT industry, there has been an increase in the use of software in various fields and accordingly, the frequency of usage of open source software has increased and it is being used in a wide range. However, with the increase in the use of open source software, we can be exposed to the various problems based on the weakness of open source. The weakness of heartbleed 'OpenSSL' has actually brought about much damage world-wide. In addition, as the open source software makes a lot of increases in quantity and has the property of the unprofessional and similar development, it is not proper to apply the existing secure code checking system. It means that the checking system faster than the existing secure coding checking system is required to meet the demand of the fast growing open source software market. This requires the code based analysis which is proper for not the simple static analysis but for the cloud computing. In addition, to make up for the unprofessional and similar development, the secure code checking system based on the smart fuzzing like neuro fuzzy is required. Thus, in this paper, we have suggested a smart fuzzing system made in connection to the black box and white box test which can effectively detect/distinguish the weakness of software and also suggested a way to verify whether it is exploitable and a way to automatically produce exploit through this. Also mis-detection and un-detection was minimized and a weakness analysis method based on symbols was applied to accurately detect security weakness. The suggested system can secure reliability of the open source software by deducting the reason for security weakness of open source software which is used in various industries and can prevent weaknesses earlier on in open source software made afterwards. Also, it is expected to enhance the reliability of the open source software developer and the company using it. (C) 2017 Published by Elsevier B.V.