
Automatic Vulnerability Detection Using Static Source Code Analysis (2005)

by Alexander Sotirov

Abstract:

We present a static source analysis technique for vulnerability detection in C programs. Our approach combines taint analysis, a well-known vulnerability detection method, with value range propagation, a technique previously used for compiler optimizations. We examine a sample set of vulnerabilities and develop a vulnerability classification based on common source code patterns. We identify three characteristics present in most software vulnerabilities: (1) data is read from an untrusted source, (2) the untrusted data is insufficiently validated, and (3) the untrusted data is used in a potentially vulnerable function or language construct. We develop a static source analysis that identifies execution paths with these three characteristics and reports them as potential vulnerabilities. We present an efficient implementation of our approach as an extension to the GNU C Compiler and discuss the benefits of integrating a vulnerability detection system in a compiler. Finally, we present experimental results indicating a high level of accuracy for our technique.
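As an added illustration that is not part of the paper or its GCC extension, the toy checker below shows how combining a taint flag with an interval per variable turns the three characteristics above into a concrete check along one execution path: an untrusted read taints the variable and widens its range, each validating branch narrows the range, arithmetic shifts it, and a memcpy sink is reported only when the size operand is tainted and its range is not provably inside the destination buffer. The mini IR (the opcodes), the variable indices, the 64-byte buffer and the sample paths are all assumptions constructed for this example.

```c
/* Toy path-sensitive checker: taint tracking plus value-range propagation.
 * Added illustration of the three-characteristic model, not the paper's
 * GCC implementation; IR, opcodes and sample paths are constructed here. */
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

#define MAX_VARS 8

/* Abstract state of one variable: taint flag plus an interval [lo, hi].
 * LONG_MIN / LONG_MAX stand in for -inf / +inf. */
typedef struct { bool tainted; long lo, hi; } var_state;

typedef enum {
    OP_READ_UNTRUSTED, /* v = read_from_network()          characteristic 1 */
    OP_ASSIGN_CONST,   /* v = k                             trusted, exact   */
    OP_ASSUME_LE,      /* path where the branch v <= k held characteristic 2 */
    OP_ASSUME_GE,      /* path where the branch v >= k held characteristic 2 */
    OP_ADD_CONST,      /* v = v + k                                          */
    OP_SINK_MEMCPY     /* memcpy(buf, src, v), buf k bytes  characteristic 3 */
} opcode;

typedef struct { opcode op; int var; long k; } stmt;

/* Add a constant to a bound without overflowing and keeping the infinities. */
static long sat_add(long a, long k)
{
    if (a == LONG_MIN || a == LONG_MAX) return a;
    if (k > 0 && a > LONG_MAX - k) return LONG_MAX;
    if (k < 0 && a < LONG_MIN - k) return LONG_MIN;
    return a + k;
}

/* Walk one path; count sinks whose size is tainted and not provably within
 * [0, bufsize].  A possibly negative size is reported too, because a negative
 * int becomes a huge size_t at the memcpy call. */
int analyze_path(const stmt *path, int n)
{
    var_state st[MAX_VARS];
    for (int i = 0; i < MAX_VARS; i++) {
        st[i].tainted = false; st[i].lo = LONG_MIN; st[i].hi = LONG_MAX;
    }
    int findings = 0;
    for (int i = 0; i < n; i++) {
        var_state *v = &st[path[i].var];
        long k = path[i].k;
        switch (path[i].op) {
        case OP_READ_UNTRUSTED: v->tainted = true; v->lo = LONG_MIN; v->hi = LONG_MAX; break;
        case OP_ASSIGN_CONST:   v->tainted = false; v->lo = v->hi = k;               break;
        case OP_ASSUME_LE:      if (k < v->hi) v->hi = k;                             break;
        case OP_ASSUME_GE:      if (k > v->lo) v->lo = k;                             break;
        case OP_ADD_CONST:      v->lo = sat_add(v->lo, k); v->hi = sat_add(v->hi, k); break;
        case OP_SINK_MEMCPY:
            if (v->tainted && (v->lo < 0 || v->hi > k)) {
                findings++;
                printf("stmt %d: tainted length in [%ld, %ld] reaches memcpy into %ld-byte buf\n",
                       i, v->lo, v->hi, k);
            }
            break;
        }
    }
    return findings;
}

/* Constructed sample paths; each comment shows the C fragment the path stands
 * for, with buf a 64-byte stack buffer and len an int read from the network. */

/* len = recv_int(); memcpy(buf, src, len); */
int example_unchecked(void)
{
    const stmt p[] = { {OP_READ_UNTRUSTED, 0, 0}, {OP_SINK_MEMCPY, 0, 64} };
    return analyze_path(p, 2);                           /* 1 finding */
}

/* len = recv_int(); if (len > 64) return; memcpy(buf, src, len);
 * Only the upper bound is checked, so len may still be negative. */
int example_upper_bound_only(void)
{
    const stmt p[] = { {OP_READ_UNTRUSTED, 0, 0}, {OP_ASSUME_LE, 0, 64},
                       {OP_SINK_MEMCPY, 0, 64} };
    return analyze_path(p, 3);                           /* 1 finding */
}

/* len = recv_int(); if (len < 0 || len > 64) return; memcpy(buf, src, len); */
int example_fully_checked(void)
{
    const stmt p[] = { {OP_READ_UNTRUSTED, 0, 0}, {OP_ASSUME_GE, 0, 0},
                       {OP_ASSUME_LE, 0, 64}, {OP_SINK_MEMCPY, 0, 64} };
    return analyze_path(p, 4);                           /* 0 findings */
}

/* len = recv_int(); if (len < 0 || len > 60) return; len += 8;
 * memcpy(buf, src, len);   range [0,60] shifts to [8,68], above 64 */
int example_check_then_add(void)
{
    const stmt p[] = { {OP_READ_UNTRUSTED, 0, 0}, {OP_ASSUME_GE, 0, 0},
                       {OP_ASSUME_LE, 0, 60}, {OP_ADD_CONST, 0, 8},
                       {OP_SINK_MEMCPY, 0, 64} };
    return analyze_path(p, 5);                           /* 1 finding */
}

int main(void)
{
    printf("unchecked=%d upper_only=%d fully_checked=%d check_then_add=%d\n",
           example_unchecked(), example_upper_bound_only(),
           example_fully_checked(), example_check_then_add());
    return 0;
}
```

Pure taint analysis would report all four paths, since the length stays tainted after the check. The interval is what separates them: the fully checked path is cleared, the upper-bound-only path is still reported because a signed length can be negative (a common real-world mistake), and the check-then-add path is reported because arithmetic after validation moves the range back out of bounds. A real analysis must also merge intervals at control-flow joins and handle the aliasing and loops that make the problem undecidable in general, which this single-path walk sidesteps.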

References cited by this paper

On computable numbers, with an application to the Entscheidungsproblem – Turing – 1937
Efficiently computing static single assignment form and the control dependence graph – Cytron, Ferrante, et al. – 1991
Constant propagation with conditional branches – Wegman, Zadeck – 1991
A first step towards automated detection of buffer overrun vulnerabilities – Wagner, Foster, et al. – 2000
Checking system rules using system-specific, programmer-written compiler extensions – Engler, Chelf, et al. – 2000
Global value numbers and redundant computations – Rosen, Wegman, et al. – 1988
Detecting format string vulnerabilities with type qualifiers – Shankar, Talwar, et al. – 2001
The Internet Worm Program: An Analysis – Spafford – 1988
Accurate static branch prediction by value range propagation – Patterson – 1995
The undecidability of aliasing – Ramalingam – 1994
ITS4: A static vulnerability scanner for C and C++ code – Viega, Bloch, et al. – 2000
Classes of recursively enumerable sets and their decision problems – Rice – 1953
Lint, a C program checker – Johnson – 1978
An analysis framework for the McCAT compiler – Sridharan – 1992
Protecting from stack-smashing attacks. http://www.trl.ibm.com/projects/security/ssp/main.html – Etoh, Yoda
RATS – rough auditing tool for security. http://www.securesoftware.com/resources/tools.html – Secure Software, Inc.
Smashing the stack for fun and profit. Phrack 49, article 14 – Aleph One – 1996
Peach fuzzer framework – Eddington
Analysis of Perl's taint mode – Hurst – 2004
SecurityFocus vulnerability archive. http://www.securityfocus.com/bid – SecurityFocus
Technical cyber security alerts. http://www.us-cert.gov/cas/techalerts – United States Computer Emergency Readiness Team (US-CERT) – 2004