TY - GEN
T1 - Automated detection of code vulnerabilities based on program analysis and model checking
AU - Wang, Lei
AU - Zhang, Qiang
AU - Zhao, Peng Chao
PY - 2008
Y1 - 2008
N2 - Ensuring the correctness and reliability of software systems is one of the main problems in software development. Model checking, a static analysis method, is preponderant in improving the precision of vulnerabilities detection. However, when applied to buffer overflow and other bugs, it is hard to automatically construct the model for detecting the vulnerabilities. To address this problem we propose an approach that combines constraint based analysis and model checking together. We trace the memory size of buffer-related variables and instrument the code with corresponding constraint assertions before the potential vulnerable points by constraint based analysis. Then the problem of detecting vulnerabilities is converted into the problem of detecting vulnerabilities to verifying the reach ability of these assertions by model checking. In order to reduce the cost of model checking, program slicing is introduced to reduce the code size. CodeAuditor is a prototype implementation of our approach. With CodeAuditor, several yet unreported vulnerabilities are discovered in several open source software, and the performance is shown to be improved significantly with the help of program slicing.
AB - Ensuring the correctness and reliability of software systems is one of the main problems in software development. Model checking, a static analysis method, is preponderant in improving the precision of vulnerabilities detection. However, when applied to buffer overflow and other bugs, it is hard to automatically construct the model for detecting the vulnerabilities. To address this problem we propose an approach that combines constraint based analysis and model checking together. We trace the memory size of buffer-related variables and instrument the code with corresponding constraint assertions before the potential vulnerable points by constraint based analysis. Then the problem of detecting vulnerabilities is converted into the problem of detecting vulnerabilities to verifying the reach ability of these assertions by model checking. In order to reduce the cost of model checking, program slicing is introduced to reduce the code size. CodeAuditor is a prototype implementation of our approach. With CodeAuditor, several yet unreported vulnerabilities are discovered in several open source software, and the performance is shown to be improved significantly with the help of program slicing.
UR - https://www.scopus.com/pages/publications/56349123085
U2 - 10.1109/SCAM.2008.24
DO - 10.1109/SCAM.2008.24
M3 - 会议稿件
AN - SCOPUS:56349123085
SN - 9780769533537
T3 - Proceedings - 8th IEEE International Working Conference on Source Code Analysis and Manipulation, SCAM 2008
SP - 165
EP - 173
BT - Proceedings - 8th IEEE International Working Conference on Source Code Analysis and Manipulation, SCAM 2008
T2 - 8th IEEE International Working Conference on Source Code Analysis and Manipulation, SCAM 2008
Y2 - 28 September 2008 through 29 September 2008
ER -