• DocumentCode
    3217142
  • Title

    A program vulnerabilities detection frame by static code analysis and model checking

  • Author

    Xin, Liu ; Wandong, Cai

  • Author_Institution
    Sch. of Comput. Sci., Northwestern Polytech. Univ., Xi'an, China
  • fYear
    2011
  • fDate
    27-29 May 2011
  • Firstpage
    130
  • Lastpage
    134
  • Abstract
    In this article we address program errors through static code analysis. First, we use inter-procedural analysis and a blunt insensitive vulnerability testing model extracted from the source code. Second, we use model checking to solve the model. In addition, we use an alias analysis method for the correctness and accuracy of the testing model. The concepts proposed in this paper are aimed at the general class of buffer loopholes and can be applied to the detection of buffer overrun vulnerability types such as format string attacks and test code injection. To evaluate the effectiveness of CodeAuditor, we use the tool to detect loopholes in a few C affinity grams. We take six open source applications as a test. Experimental results show that our tool found 18 previously unknown vulnerabilities in the six open source applications. The observed false positive rate is about 23%.
  • Keywords
    program diagnostics; program testing; program verification; C affinity grams; CodeAuditor; alias analysis method; blunt insensitive vulnerability testing model; buffer overrun vulnerabilities; format string of attacks; model checking; program vulnerabilities detection frame; source code; static code analysis; test code injection; Analytical models; Arrays; Buffer overflow; Instruments; Security; Software; Syntactics; Model Checking; Program Vulnerabilities Detection; Static Code Analysis;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Communication Software and Networks (ICCSN), 2011 IEEE 3rd International Conference on
  • Conference_Location
    Xi'an
  • Print_ISBN
    978-1-61284-485-5
  • Type

    conf

  • DOI
    10.1109/ICCSN.2011.6013559
  • Filename
    6013559