A Framework for Modeling and Detecting Security Vulnerabilities in Human-Machine Pair Programming

Pingyan Wang, Shaoying Liu, Ai Liu, Fatiha Zaidi

Abstract

Detecting and mitigating security vulnerabilities early in the coding phase is an important strategy for secure software development. Existing solutions typically focus on finding particular vulnerabilities in particular computer systems, without offering a systematic way of handling different types of vulnerabilities. In this paper, we present a framework for systematically modeling and detecting potential security vulnerabilities during the construction of programs under a programming paradigm known as Human-Machine Pair Programming. The framework gives designers a general way of modeling a class of attacks in detail and shows how programmers can discover and fix a vulnerability in a timely manner. Specifically, the framework advocates three primary steps: (1) generating an attack tree to model a given security threat, (2) constructing vulnerability-matching patterns based on the results of the attack tree analysis, and (3) detecting the corresponding vulnerabilities against those patterns during program construction. We also present a case study to demonstrate how the framework works in practice.

Keywords

Security vulnerabilities, Human-machine pair programming, Attack trees, Static analysis

Citation Format:
Pingyan Wang, Shaoying Liu, Ai Liu, Fatiha Zaidi, "A Framework for Modeling and Detecting Security Vulnerabilities in Human-Machine Pair Programming," Journal of Internet Technology, vol. 23, no. 5, pp. 1129-1138, Sep. 2022.

Published by Executive Committee, Taiwan Academic Network, Ministry of Education, Taipei, Taiwan, R.O.C
JIT Editorial Office, Office of Library and Information Services, National Dong Hwa University
No. 1, Sec. 2, Da Hsueh Rd., Shoufeng, Hualien 974301, Taiwan, R.O.C.
Tel: +886-3-931-7314  E-mail: jit.editorial@gmail.com