Title :
A program vulnerabilities detection frame by static code analysis and model checking
Author :
Xin, Liu ; Wandong, Cai
Author_Institution :
Sch. of Comput. Sci., Northwestern Polytech. Univ., Xi'an, China
Abstract :
In this article we address program errors through static code analysis. First, we use an inter-procedural analysis and a blunt insensitive vulnerability testing model extracted from the source code. Second, we use model checking to solve the model. In addition, we apply an alias analysis method for the correctness and accuracy of the testing model. The concepts proposed in this paper are aimed at the general class of buffer loopholes and can be applied to the detection of buffer overrun vulnerability types such as format string attacks and test code injection. To evaluate the effectiveness of CodeAuditor, we use the tool to detect loopholes in a few C affinity grams. We take six open source applications as a test. Experimental results show that our tool found 18 previously unknown vulnerabilities in the six open source applications. The observed false positive rate is about 23%.
Keywords :
program diagnostics; program testing; program verification; C affinity grams; CodeAuditor; alias analysis method; blunt insensitive vulnerability testing model; buffer overrun vulnerabilities; format string of attacks; model checking; program vulnerabilities detection frame; source code; static code analysis; test code injection; Analytical models; Arrays; Buffer overflow; Instruments; Security; Software; Syntactics; Model Checking; Program Vulnerabilities Detection; Static Code Analysis;
Conference_Title :
Communication Software and Networks (ICCSN), 2011 IEEE 3rd International Conference on
Conference_Location :
Xi'an
Print_ISBN :
978-1-61284-485-5
DOI :
10.1109/ICCSN.2011.6013559