Title :
UAF bug checking model based on dataflow analysis
Author :
Ouyang, Yongji ; Wang, Qingxian ; Wei, Qiang ; Liu, Jie
Author_Institution :
Zhengzhou Inf. Sci. & Technol. Inst., Zhengzhou, China
Abstract :
Although there are some tools supporting to detect the program´s use-after-free vulnerability, their performance may be degraded because of the restriction they have. In order to detect the program´s use-after-free vulnerability with a relatively higher efficiency, in this paper, we propose an automated approach for checking the use-after-free vulnerability in the application. First, we deliberate and choose the method of analyzing the dataflow statically. Then we track all definition and usage for the variables in the application. Finally, the techniques of the equivalent variable and alias analysis are introduced. We have implemented the approach of this thesis in a tool called UAFChecker which can detect use-after-free vulnerability automatically and have conducted experiments with several real-life case studies, experimental results show that the tool can detect the defects of actual application with low false positives and negatives probability.
Keywords :
data flow analysis; probability; program debugging; UAF bug checking model; UAFChecker; alias analysis; dataflow analysis; false positives-negatives probability; program use-after-free vulnerability; use-after-free vulnerability; Decision support systems; alias analysis; dataflow analysis; equivalent variable; use-after-free vulnerability;
Conference_Titel :
Information Theory and Information Security (ICITIS), 2010 IEEE International Conference on
Conference_Location :
Beijing
Print_ISBN :
978-1-4244-6942-0
DOI :
10.1109/ICITIS.2010.5689541
