A case study in detecting software security vulnerabilities using constraint optimization

Weber, Michael; Shah, Viren; Ren, ChuanJun

doi:10.1109/scam.2001.972661

Cited by 11 publications

(6 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Some methods analyze the source code of the program. They apply different techniques, such as taint analysis , constraint analysis , pattern matching , mutation analysis , and annotation‐based analysis to detect the vulnerabilities. Because these methods require the source code of the program, they cannot be helpful in the absence of the source code.…”

Section: Related Workmentioning

confidence: 99%

A smart fuzzing method for detecting heap‐based vulnerabilities in executable codes

Mouzarani

Sadeghiyan

Zolfaghari

2016

Security Comm Networks

View full text Add to dashboard Cite

In this paper, we present a smart fuzzing method for detecting six classes of heap‐based vulnerabilities in executable codes, that is, heap‐based buffer overflow, buffer underwrite, buffer over‐read, buffer under‐read, double‐free, and use‐after‐free vulnerabilities. In the proposed method, the executable code is instrumented to perform concolic (concrete + symbolic) execution and calculate the constraints on input data for executing a specific path. We also define a number of vulnerability constraints that determine the characteristics of input data that activate specific vulnerabilities in an execution path. By calculating symbolic path and vulnerability constraints in each executed path, we generate appropriate concrete input data that traverse other paths in the program and detect the vulnerabilities in the executed paths. We have implemented the proposed smart fuzzing method as a plug‐in for Valgrind framework and tested it on different groups of benchmark programs. The results demonstrate that the calculated vulnerability constraints are accurate, and our fuzzer is able to detect the vulnerabilities in these programs. We have also compared the implemented fuzzer with three other fuzzers and demonstrated how calculating the path and vulnerability constraints in our method helps to fuzz a program more efficiently. Copyright © 2016 John Wiley & Sons, Ltd.

show abstract

Section: Related Workmentioning

confidence: 99%

A smart fuzzing method for detecting heap‐based vulnerabilities in executable codes

Mouzarani

Sadeghiyan

Zolfaghari

2016

Security Comm Networks

View full text Add to dashboard Cite

show abstract

“…ITS4 [19], VulCAn [20]) can aid guiding code auditing in order to spot vulnerabilities caused by library functions only. Moreover, since they only perform a lexical analysis and not a dataflow analysis, they leave a lot of manual work to code auditors and they can report many false positives.…”

Section: Related Workmentioning

confidence: 99%

“…Some of them (e.g. MJOL-NIR [20], and ARCHER [21]) abstract away the code of programs to formulate a linear programming problem, in order to be scalable. Hence, constraint solvers are used and, when inconsistencies are detected, warnings are emitted.…”

Section: Related Workmentioning

confidence: 99%

A Lightweight Security Analyzer inside GCC

Pozza

Sisto

2008

2008 Third International Conference on Availability, Reliability and Security

View full text Add to dashboard Cite

This paper describes the design and implementation of a lightweight static security analyzer that exploits the compilation process of the gcc compiler. The tool is aimed at giving to programmers useful and precise hints for improving the security of the developed software, while also detecting format string vulnerabilities, buffer overflows, and subtle vulnerabilities due to incorrect arithmetic and conversion on integers. The experimented technique is a combination of the taint analysis concept and of a value range propagation algorithm. The experimental results obtained by analyzing some real-world security critical programs show that the tool is only slightly heavier than pure compilation, and that it is able to detect known vulnerabilities, as well as unknown ones. Moreover, even if false positives are given, many of the warnings that do not correspond to vulnerabilities are indeed instances of unsafe programming practices, which can be avoided by applying a defensive programming style. Then, the tool can be profitably used during development, as a means that facilitates such coding practice.

show abstract

“…Rule base has been used in many areas that require flexibility, extensibility, and efficiency. For example, rulebase has been successfully applied in the code analysis to detect software vulnerability [43], [45]. These approaches can discover potential code fragments in software that may expose to the buffer overrun attack.…”

Section: Related Workmentioning

confidence: 99%

On the Customization of Components: A Rule-Based Approach

Zhang

Cooper

et al. 2007

IEEE Trans. Knowl. Data Eng.

View full text Add to dashboard Cite

Realizing the quality-of-service (QoS) requirements for a software system continues to be an important and challenging issue in software engineering. A software system may need to be updated or reconfigured to provide modified QoS capabilities. These changes can occur at development time or at runtime. In component-based software engineering, software systems are built by composing components. When the QoS requirements change, there is a need to reconfigure the components. Unfortunately, many components are not designed to be reconfigurable, especially in terms of QoS capabilities. It is often labor-intensive and error-prone work to reconfigure the components, as developers need to manually check and modify the source code. Furthermore, the work requires experienced senior developers, which makes it costly. The limitations motivate the development of a new rule-based semiautomated component parameterization technique that performs code analysis to identify and adapt parameters and changes components into reconfigurable ones. Compared with a number of alternative QoS adaptation approaches, the proposed rule-based technique has advantages in terms of flexibility, extensibility, and efficiency. The adapted components support the reconfiguration of potential QoS trade-offs among time, space, quality, and so forth. The proposed rule-based technique has been successfully applied to two substantial libraries of components. The F-measure or balanced F-score results for the validation are excellent, that is, 94 percent.

show abstract

A case study in detecting software security vulnerabilities using constraint optimization

Cited by 11 publications

References 8 publications

A smart fuzzing method for detecting heap‐based vulnerabilities in executable codes

A smart fuzzing method for detecting heap‐based vulnerabilities in executable codes

A Lightweight Security Analyzer inside GCC

On the Customization of Components: A Rule-Based Approach

Contact Info

Product

Resources

About