DocumentCode :
2105515
Title :
UAF bug checking model based on dataflow analysis
Author :
Ouyang, Yongji ; Wang, Qingxian ; Wei, Qiang ; Liu, Jie
Author_Institution :
Zhengzhou Inf. Sci. & Technol. Inst., Zhengzhou, China
fYear :
2010
fDate :
17-19 Dec. 2010
Firstpage :
534
Lastpage :
538
Abstract :
Although there are some tools that support detecting a program's use-after-free vulnerability, their performance may be degraded because of the restrictions they have. In order to detect the program's use-after-free vulnerability with relatively higher efficiency, in this paper we propose an automated approach for checking the use-after-free vulnerability in the application. First, we deliberate and choose the method of analyzing the dataflow statically. Then we track all definitions and usages of the variables in the application. Finally, the techniques of the equivalent variable and alias analysis are introduced. We have implemented the approach of this thesis in a tool called UAFChecker, which can detect use-after-free vulnerability automatically, and have conducted experiments with several real-life case studies. Experimental results show that the tool can detect the defects of actual applications with low false positive and false negative probability.
Keywords :
data flow analysis; probability; program debugging; UAF bug checking model; UAFChecker; alias analysis; dataflow analysis; false positives-negatives probability; program use-after-free vulnerability; use-after-free vulnerability; Decision support systems; alias analysis; dataflow analysis; equivalent variable; use-after-free vulnerability;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Information Theory and Information Security (ICITIS), 2010 IEEE International Conference on
Conference_Location :
Beijing
Print_ISBN :
978-1-4244-6942-0
Type :
conf
DOI :
10.1109/ICITIS.2010.5689541
Filename :
5689541