DMCA
Automatic Vulnerability Detection Using Static Source Code Analysis (2005)
| Citations: | 3 - 0 self |
BibTeX
@TECHREPORT{Sotirov05automaticvulnerability,
author = {Alexander Sotirov},
title = {Automatic Vulnerability Detection Using Static Source Code Analysis},
institution = {},
year = {2005}
}
Share
 |
 |
 |
 |
||
OpenURL
Abstract
We present a static source analysis technique for vulnerability detection in C programs. Our approach is based on a combination of taint analysis, a well known vulnerability detection method, and value range propagation, a technique previously used for compiler optimizations. We examine a sample set of vulnerabilities and develop a vulnerability classification based on common source code patterns. We identify three common characteristics present in most software vulnerabilities: one, data is read from an untrusted source, two, untrusted data is insufficiently validated, and three, untrusted data is used in a potentially vulnerable function or a language construct. We develop a static source analysis that is able to identify execution paths with these three characteristics and report them as potential vulnerabilities. We present an efficient implementation of our approach as an extension to the GNU C Compiler. We discuss the benefits of integrating a vulnerability detection system in a compiler. Finally, we present experimental results indicating a high level of accuracy of our technique.
Keyphrases
efficient implementation common source code pattern vulnerability classification execution path vulnerability detection method common characteristic compiler optimization vulnerability detection gnu compiler value range propagation vulnerable function static source analysis vulnerability detection system software vulnerability potential vulnerability taint analysis untrusted source language construct high level static source analysis technique sample set experimental result
