Towards Integration of Syntactic and Semantic Vulnerability Patterns
FAACS 2024
This paper advances the field of software security by proposing an integrated approach for analysing both syntactic and semantic vulnerability patterns. Utilising a detailed vulnerability and attack library alongside a verification tool for language-neutral threat assessment, this study enhances the detection and mitigation of security threats in diverse programming environments. The research builds upon and refines previous work by employing Structured Threat Information eXpression (STIX) objects and XPath for syntactic analysis, and introduces advanced semantic error detection techniques. A specialised tool, developed and demonstrated previously to model vulnerability patterns from the MITRE database for comprehensive analysis, is now enhanced with new features to demonstrate the practical application of this research. This paper outlines the enhancements to the integrated analysis tool and shows its current capability of detecting semantic vulnerability patterns using Infer. It also gives details of future development plans, namely the development of a web version, aiming to increase accessibility and utility. Highlighting the significance of a holistic vulnerability analysis approach, the research underscores the potential for future applications in securing open-source projects and broader software development practices.