Research On The Detection Method Of Component Security Exception Based On Monitor Logs Mining

Component-based software engineering(CBSE) has become a research focus in the field of software engineering, the emergence of CBSE not only made the software development efficiency improved to some extent, the cost of software development and maintenance has also been reduced. Due to the rapid development of component technology, more and more commercial software vendors buy and use third-party component products, including some key programs that have high requirements for security, such as military software, medical software, banking software, railway software, and finance software. Hence, ensuring component being reliable and secure becomes very important. At this stage, the problem of component security is still not well solved, and the main way to solve this problem is to test the security of a single component or component system. However, the existing component security testing methods and techniques are not perfect, due to the source code of components is hard to be obtained and the component unit is highly independent, the traditional methods of component security testing can not meet user requirements for component security testing. So the research on exception detection of component security based on monitor log is very important in theoretical and practical application.Attributes including credibility, confidentiality, availability, integrity and reliability are the criteria for judging whether a component is secure. Component vulnerability means that security defects may exist, and may threaten or damage the security of computer systems of which the components are a part. The main source of component security vulnerabilities are usually caused by the following two situations:(1) the explicit security exceptions such as stack or buffer overflow, memory leakage and illegal instruction are executed;(2) the implicit security exceptions that the running states of components’ methods violate component security specifications. According to the characteristics of explicit security exception, we propose the string-searching algorithm and present the explicit security exception detecting method. According to the characteristics of implicit security exception, we present an implicit security exception detecting method based on improved variable-length sequential pattern mining. Finally, we design and implement a prototype system of component security exception detecting based on monitor log mining. The main contributions are shown as follows.1. Based on the characteristic of the huge monitor log and the characteristic of the component explicit security exception, the string-searching algorithm and the explicit security exception detecting algorithm are proposed to detect the explicit security exception of component. Firstly, an improved string-searching algorithm(ML-Sunday algorithm) was proposed by redefining the backward moving distance of pattern string. Secondly, the corresponding explicit security exception detecting algorithm(Apriori-Detection) was proposed, then calculating the risk coefficient of each method based on the explicit exception rule and corresponding vulnerability factor in the explicit security exception rule base. Finally, the explicit security exception detecting report of component was generated according to the calculated risk coefficient.2. In order to detect the implicit security exception of component, an implicit security detecting method based on the improved variable-length sequential pattern mining is proposed. Firstly, the execution sequences of the component method from monitor log were mined. Secondly, the improved variable-length sequential pattern mining algorithm(VPM-ML) was proposed, then mining the variable-length sequential patterns from correct execution sequences and from actual execution sequences using VPM-ML algorithm. Thirdly, the sequential patterns are matched using the sequential pattern matching algorithm. Finally, the implicit security exception detecting report of component was generated based on matching results.3. A prototype testing system of component security based on monitor logs(CSTS-ML) is designed and implemented, which mainly includes three modules, i.e. monitor log analysis and processing module, explicit security exception detecting module and implicit security exception detecting module. The function for monitor log analysis and processing module mainly include the analysis of component library files, the reading and exporting of monitor log information, and mining execution sequence of component. The function for explicit security exception detecting module mainly includes the matching and positioning of abnormal string information and the mining and matching module of explicit security exception. The function for implicit security exception detecting module mainly includes the variable-length sequential pattern mining of component exception, the analysis function, and the implementation function of component explicit security exception mining.