Family-Based Fingerprint Analysis: A Position Paper
Book chapter, 2022

Thousands of vulnerabilities are reported on a monthly basis to security repositories, such as the National Vulnerability Database. Among these vulnerabilities, software misconfiguration is one of the top 10 security risks for web applications. With this large influx of vulnerability reports, software fingerprinting has become a highly desired capability to discover distinctive and efficient signatures and recognize reportedly vulnerable software implementations. Due to the exponential worst-case complexity of fingerprint matching, designing more efficient methods for fingerprinting becomes highly desirable, especially for variability-intensive systems where optional features add another exponential factor to its analysis. This position paper presents our vision of a framework that lifts model learning and family-based analysis principles to software fingerprinting. In this framework, we propose unifying databases of signatures into a featured finite state machine and using presence conditions to specify whether and in which circumstances a given input-output trace is observed. We believe feature-based signatures can aid performance improvements by reducing the size of fingerprints under analysis.

Model Learning

Software Fingerprinting

Variability Management

Family-Based Analysis

Author

Carlos Diego N. Damasceno

Radboud University

Daniel Strüber

Radboud University

University of Gothenburg

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

03029743 (ISSN) 16113349 (eISSN)

Vol. 13560 LNCS 137-150

Subject Categories

Software Engineering

Computer Science

Computer Systems

DOI

10.1007/978-3-031-15629-8_8

More information

Latest update

7/12/2024