Results 1 - 4 of 4
A buffer overflow benchmark for software model checkers
- IN: PROC. ASE’07, 2007
Cited by 10 (0 self)
Software model checking based on abstraction-refinement has recently achieved widespread success in verifying API conformance in device drivers, and we believe this success can be replicated for the problem of buffer overflow detection. This paper presents a publicly-available benchmark suite to help guide and evaluate this research. The benchmark consists of 298 code fragments of varying complexity capturing 22 buffer overflow vulnerabilities in 12 open source applications. We give a preliminary evaluation of the benchmark using the SatAbs model checker.
Enforcing Conformance between Security Architecture and Implementation
- 2009
Cited by 2 (2 self)
Analysis at the level of a runtime architecture matches the way experts reason about security or privacy better than a purely code-based strategy. However, the architecture must still be correctly realized in the implementation. We previously developed Scholia to analyze, at compile time, communication integrity between arbitrary object-oriented code, and a rich, hierarchical intended runtime architecture, using typecheckable annotations. This paper applies Scholia to security runtime architectures. Having established traceability between the target architecture and the code, we extend Scholia to enforce structural architectural constraints. At the code level, annotations enforce local, modular constraints. At the architectural level, predicates enforce global constraints. We validate the end-to-end approach in practice using a real 3,000-line Java implementation, and enforce its conformance to a security architecture designed by an expert.
Statically checking API protocol conformance with mined multi-object specifications, companion report
- 2012
Cited by 2 (2 self)
Programmers using an API often must follow protocols that specify when it is legal to call particular methods. Several techniques have been proposed to find violations of such protocols based on mined specifications. However, existing techniques either focus on single-object protocols or on particular kinds of bugs, such as missing method calls. There is no practical technique to find multi-object protocol bugs without a priori known specifications. In this paper, we combine a dynamic analysis that infers multi-object protocols and a static checker of API usage constraints into a fully automatic protocol conformance checker. The combined system statically detects illegal uses of an API without human-written specifications. Our approach finds 41 bugs and code smells in mature, real-world Java programs with a true positive rate of 51%. Furthermore, we show that the analysis reveals bugs not found by state of the art approaches. Keywords: Typestate; Static analysis; Specification mining
Mitigating and Monitoring Program Security Vulnerabilities Area: Software Security
- 2010
Today’s programs are implemented in a variety of languages and contain serious vulnerabilities which can be exploited to cause security breaches. These vulnerabilities have been exploited in real life and resulted in damages to related stakeholders such as program users. As most vulnerabilities belong to program code, many techniques have been applied to mitigate vulnerabilities before and after program deployment. Unfortunately, there is no comprehensive comparative analysis of different vulnerability mitigation works. As a result, there exists an obscure mapping between the techniques, the addressed vulnerabilities, and the limitations of different approaches. This paper attempts to address these issues. The paper extensively compares and contrasts the existing program security vulnerability mitigation (testing, static analysis, and hybrid analysis) and monitoring techniques. We also discuss other techniques employed to mitigate the most common program security vulnerabilities: secure programming, patching, and program transformation. The survey provides a comprehensive understanding of the current program vulnerability mitigation approaches and challenges as well as their key characteristics and limitations. Moreover, our discussion highlights the open issues and future research directions in the area of program security vulnerability mitigation and monitoring.

