PhASAR: An Inter-procedural Static Analysis Framework for C/C++

Schubert, Philipp Dominik; Hermann, Ben; Bodden, Eric

doi:10.1007/978-3-030-17465-1_22

Cited by 55 publications

(15 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…These are the languages used to build the majority of operating systems and virtual machines (also the Java Virtual Machine). However, high control and versatility come with a cost, the obligation to avoid bugs and software vulnerabilities, which can entail serious consequences for critical services [59]. According to [24], fifty-nine percent of C++ applications scanned with their analysis tools included high and very high severity flaws.…”

Section: Related Workmentioning

confidence: 99%

Efficient Feature Selection for Static Analysis Vulnerability Prediction

Filus

Boryszko

Domańska

et al. 2021

Sensors

View full text Add to dashboard Cite

Common software vulnerabilities can result in severe security breaches, financial losses, and reputation deterioration and require research effort to improve software security. The acceleration of the software production cycle, limited testing resources, and the lack of security expertise among programmers require the identification of efficient software vulnerability predictors to highlight the system components on which testing should be focused. Although static code analyzers are often used to improve software quality together with machine learning and data mining for software vulnerability prediction, the work regarding the selection and evaluation of different types of relevant vulnerability features is still limited. Thus, in this paper, we examine features generated by SonarQube and CCCC tools, to identify those that can be used for software vulnerability prediction. We investigate the suitability of thirty-three different features to train thirteen distinct machine learning algorithms to design vulnerability predictors and identify the most relevant features that should be used for training. Our evaluation is based on a comprehensive feature selection process based on the correlation analysis of the features, together with four well-known feature selection techniques. Our experiments, using a large publicly available dataset, facilitate the evaluation and result in the identification of small, but efficient sets of features for software vulnerability prediction.

show abstract

Section: Related Workmentioning

confidence: 99%

Efficient Feature Selection for Static Analysis Vulnerability Prediction

Filus

Boryszko

Domańska

et al. 2021

Sensors

View full text Add to dashboard Cite

show abstract

“…In the example, the block bb is identified as being the loop of the program, thus the invariant is mapped to the loop head. For this, we employed some basic functions provided by PHASAR [41] in our adapter. Finally, we construct the CFA of the C-program, store the invariants at the nodes and convert the equipped CFA to a verification witness.…”

Section: Adapter For Llvm-based Helper Invariant Generatorsmentioning

confidence: 99%

CoVEGI: Cooperative Verification via Externally Generated Invariants

Haltermann

Wehrheim

2021

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Software verification has recently made enormous progress due to the development of novel verification methods and the speed-up of supporting technologies like SMT solving. To keep software verification tools up to date with these advances, tool developers keep on integrating newly designed methods into their tools, almost exclusively by re-implementing the method within their own framework. While this allows for a conceptual re-use of methods, it nevertheless requires novel implementations for every new technique.In this paper, we employ cooperative verification in order to avoid re-implementation and enable usage of novel tools as black-box components in verification. Specifically, cooperation is employed for the core ingredient of software verification which is invariant generation. Finding an adequate loop invariant is key to the success of a verification run. Our framework named CoVEGI allows a master verification tool to delegate the task of invariant generation to one or several specialized helper invariant generators. Their results are then utilized within the verification run of the master verifier, allowing in particular for crosschecking the validity of the invariant. We experimentally evaluate our framework on an instance with two masters and three different invariant generators using a number of benchmarks from SV-COMP 2020. The experiments show that the use of CoVEGI can increase the number of correctly verified tasks without increasing the used resources.

show abstract

“…During the course of this research, we studied several LLVM-based pointer analyses and found these tools have known implementation bugs that cause false negatives (i.e., missing alias relationships) in the analysis output [36], [50], [60]. For instance, these tools miss tracking pointers passed as an element of structure type (aggregate) registers.…”

Section: Instrumenting Memory Accessesmentioning

confidence: 99%

NoJITsu: Locking Down JavaScript Engines

Park

Dhondt²,

Gens

et al. 2020

Proceedings 2020 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

Data-only attacks against dynamic scripting environments have become common. Web browsers and other modern applications embed scripting engines to support interactive content. The scripting engines optimize performance via just-intime compilation. Since applications are increasingly hardened against code-reuse attacks, adversaries are looking to achieve code execution or elevate privileges by corrupting sensitive data like the intermediate representation of optimizing JIT compilers. This has inspired numerous defenses for just-in-time compilers. Our paper demonstrates that securing JIT compilation is not sufficient. First, we present a proof-of-concept data-only attack against a recent version of Mozilla's SpiderMonkey JIT in which the attacker only corrupts heap objects to successfully issue a system call from within bytecode execution at run time. Previous work assumed that bytecode execution is safe by construction since interpreters only allow a narrow set of benign instructions and bytecode is always checked for validity before execution. We show that this does not prevent malicious code execution in practice. Second, we design a novel defense, dubbed NOJITSU to protect complex, real-world scripting engines from data-only attacks against interpreted code. The key idea behind our defense is to enable fine-grained memory access control for individual memory regions based on their roles throughout the JavaScript lifecycle. For this we combine automated analysis, instrumentation, compartmentalization, and Intel's Memory-Protection Keys to secure SpiderMonkey against existing and newly synthesized attacks. We implement and thoroughly test our implementation using a number of real-world scenarios as well as standard benchmarks. We show that NOJITSU successfully thwarts codereuse as well as data-only attacks against any part of the scripting engine while offering a modest run-time overhead of only 5%.

show abstract

PhASAR: An Inter-procedural Static Analysis Framework for C/C++

Cited by 55 publications

References 14 publications

Efficient Feature Selection for Static Analysis Vulnerability Prediction

Efficient Feature Selection for Static Analysis Vulnerability Prediction

CoVEGI: Cooperative Verification via Externally Generated Invariants

NoJITsu: Locking Down JavaScript Engines

Contact Info

Product

Resources

About