| As cloud computing technology is applied in a growing range of fields, more and more business software is deployed into cloud environments. While the cloud environment gathers a large number of business software packages, it also carries the vulnerabilities of each of them. On the one hand, the existence of a large number of vulnerabilities not only brings serious security issues to the business software but also affects the security of the cloud platform. On the other hand, it is very common for published vulnerabilities not to be repaired in a timely manner, and such unrepaired published vulnerabilities greatly threaten the security of the entire platform. Detecting published vulnerable code accurately and efficiently in large-scale software is therefore an urgent problem. We propose a new semantic-based approach called SCVD for cloned vulnerable code detection in large-scale software in cloud environments. By analyzing the massive published vulnerabilities in NVD, we use the full path traversal algorithm to transform the Program Dependency Graph (PDG) into a tree structure while preserving all the semantic information carried by the PDG, and we apply the tree to cloned vulnerable code detection for large-scale software in cloud environments. We also use an identifier name mapping technique to eliminate the impact of identifier name modification. Transforming the complex subgraph isomorphism problem into a simple tree similarity problem and using the identifier name mapping technique improves the accuracy and speed of the semantic-based cloned vulnerable code detection approach, so that it can be used for large-scale software in cloud environments. The experimental results show that our approach significantly improves vulnerability detection effectiveness compared with existing semantic-based and syntax-based approaches. Compared with subgraph isomorphism approaches, SCVD reduces the average time cost by 36.3%. |
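
The two ideas named in the abstract, identifier name mapping and unfolding a PDG into a tree along every path, can be sketched as follows. This is an added illustration, not SCVD's implementation: the abstract gives no algorithmic detail, so the `V0, V1, ...` renaming scheme, the cycle cut, the sorted-children canonical form, exact tree equality as the similarity test, and the constructed C statements and edges are all assumptions.

```python
import re

# Names kept as-is: C keywords plus the synthetic PDG entry node.
KEEP = {"ENTRY", "char", "int", "if", "else", "while", "for", "return", "void"}
# An identifier that is not immediately called; callee names such as memcpy stay.
IDENT = re.compile(r"\b[A-Za-z_]\w*\b(?!\s*\()")

def map_identifiers(stmts):
    """Rename variables to V0, V1, ... in order of first appearance."""
    mapping = {}
    def rename(m):
        name = m.group(0)
        return name if name in KEEP else mapping.setdefault(name, f"V{len(mapping)}")
    return [IDENT.sub(rename, s) for s in stmts]

def pdg_to_tree(labels, edges, node=0, on_path=()):
    """Unfold every path from `node`; shared nodes are duplicated per path."""
    if node in on_path:                      # loop-carried edge: cut the cycle
        return (labels[node] + " <back>", ())
    kids = sorted((kind, pdg_to_tree(labels, edges, child, on_path + (node,)))
                  for child, kind in edges.get(node, ()))
    return (labels[node], tuple(kids))       # sorted children: canonical form

def fingerprint(stmts, edges):
    """Normalised statements unfolded into one comparable nested tuple."""
    return pdg_to_tree(map_identifiers(stmts), edges)

# Constructed samples: a flawed copy, a renamed clone, a guarded (patched) variant.
FLAW_EDGES = {0: [(1, "ctrl"), (2, "ctrl"), (3, "ctrl")], 1: [(3, "data")], 2: [(3, "data")]}
VULN = ["ENTRY", "char buf[64]", "int n = strlen(src)", "memcpy(buf, src, n)"]
CLONE = ["ENTRY", "char tmp[64]", "int len = strlen(input)", "memcpy(tmp, input, len)"]
PATCHED = ["ENTRY", "char tmp[64]", "int len = strlen(input)",
           "if (len < sizeof(tmp))", "memcpy(tmp, input, len)"]
PATCHED_EDGES = {0: [(1, "ctrl"), (2, "ctrl"), (3, "ctrl")],
                 1: [(3, "data"), (4, "data")], 2: [(3, "data"), (4, "data")],
                 3: [(4, "ctrl")]}

if __name__ == "__main__":
    print(fingerprint(VULN, FLAW_EDGES) == fingerprint(CLONE, FLAW_EDGES))
    print(fingerprint(VULN, FLAW_EDGES) == fingerprint(PATCHED, PATCHED_EDGES))
```

Because the unfolded tree is a plain nested tuple, matching a known-vulnerable fragment against a candidate is a structural comparison rather than a subgraph isomorphism search; the renamed clone matches and the guarded variant does not.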