A Framework for Modeling and Detecting Security Vulnerabilities in Human-Machine Pair Programming

JOURNAL OF INTERNET TECHNOLOGY (2022)

Abstract
To detect and mitigate security vulnerabilities early in the coding phase is an important strategy for secure software development. Existing solutions typically focus on finding certain vulnerabilities in certain computer systems without giving a systematic way of handling different types of vulnerabilities. In this paper, we present a framework for systematically modeling and detecting potential security vulnerabilities during the construction of programs using a particular programming paradigm known as Human-Machine Pair Programming. The framework provides designers with a general way of modeling a class of attacks in detail, and shows how programmers can discover and fix a vulnerability in a timely manner. Specifically, our framework advocates three primary steps: (1) generating an attack tree to model a given security threat, (2) constructing vulnerability-matching patterns based on the result of the attack tree analysis, and (3) detecting corresponding vulnerabilities based on the patterns during the program construction. We also present a case study to demonstrate how it works in practice.
Keywords
Security vulnerabilities, Human-machine pair programming, Attack trees, Static analysis