Test-Driving Static Analysis Tools in Search of C Code Vulnerabilities

Chatzieleftheriou, George; Katsaros, Panagiotis

doi:10.1109/compsacw.2011.26

Cited by 28 publications

(8 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For over 35 years, attackers have been able to hijack the control flow of programs written in languages such as C and C++, which remain two of the most used programming languages today, especially in embedded environments where performance is critical. Past and recent research efforts to address this problem include fuzzing-based techniques [26,22,16,9,17], program transformation and compiler-based techniques [15,8,14] and static techniques [31,19,12,18,5], among others.…”

Section: Related Workmentioning

confidence: 99%

A Binary Analysis Approach to Retrofit Security in Input Parsing Routines

Menon

Hauser

Shoshitaishvili³

et al. 2018

2018 IEEE Security and Privacy Workshops (SPW)

View full text Add to dashboard Cite

In spite of numerous attempts to mitigate memory corruption vulnerabilities in low-level code over the years, those remain the most common vector of software exploitation today. A common cause of such vulnerabilities is the presence of errors in string manipulation, which are often found in input parsers, where the format of input data is verified and eventually converted into an internal program representation. This process, if done manually in an ad-hoc manner, is error prone and easily leads to unsafe and potentially exploitable behavior. While principled approaches to input validation exist, such as those based on parser generators (e.g., Lex [20] and Ragel [28]), these require a formalization of the input grammar, which is not always a straightforward process and tends to dissuade programmers. As a result, a large portion of input parsing routines as found in commodity software is still implemented in an ad-hoc way, causing numerous security issues. We propose to address this problem from a post-development perspective, by targeting software presenting security risks in opaque, closed-source environments where software components have already been deployed and integrated, and where re-implementation is not an option (e.g., as part of an embedded device's proprietary firmware). Our system is able to effectively detect vulnerability patterns in binary software and to retrofit security mechanisms preventing exploitation. In a semi-automated setting, it was able to discover an unknown security bug.

show abstract

Section: Related Workmentioning

confidence: 99%

A Binary Analysis Approach to Retrofit Security in Input Parsing Routines

Menon

Hauser

Shoshitaishvili³

et al. 2018

2018 IEEE Security and Privacy Workshops (SPW)

View full text Add to dashboard Cite

show abstract

“…Note, the 'standard way' here is to avoid respective effects beforehand using elaborate test, debug, and memory inspection tools when developing or verifying embedded software, respectively, cf. [1]. Nevertheless, such defects often find their way unnoticed to the target systems.…”

Section: Introductionmentioning

confidence: 97%

Memory leak detection runtime-service for embedded Linux devices

Beneder

Glatz

Horauer

et al. 2014

Proceedings of the 2014 IEEE Emerging Technology and Factory Automation (ETFA)

View full text Add to dashboard Cite

In practice, software is often deployed with several hidden bugs despite various test processes and static analyses. Such bugs often cause a phenomenon called software aging that refers to the accumulation of errors occurring in long running software systems that results in a decrease of performance and an increases of the probability to crash the entire system. This paper presents a mechanism to detect memory leaks in embedded systems software at runtime that can be used to counter software aging. In particular, it presents and compares two measurement based algorithms to identify memory leaks on Embedded Linux devices at runtime. Both algorithms have been implemented and evaluated using an industrial room controller targeting building automation. Based on this approach we were able to identify an existing memory leak we were unaware of beforehand.

show abstract

“…FindBugs detectors for Web application vulnerabilities do not guarantee the absence of false negatives and they often generate false positives, as it happens with all static analyses [6]. However, the bug detectors for Web application vulnerabilities do not need code annotations, as is the case with many other static analyses.…”

Section: Static Analysismentioning

confidence: 99%

“…Dynamic analyses aim to prevent input injection attacks at runtime, thus avoiding the imprecision of static analyses due to their sensitivity characteristics [6]. However, most dynamic analyses do not take into account input sanitization operations that can be either safe or unsafe.…”

Section: Dynamic Analysismentioning

confidence: 99%

Inlined monitors for security policy enforcement in web applications

Rafailidis

Panagos

Katsaros

et al. 2013

Proceedings of the 17th Panhellenic Conference on Informatics

Self Cite

View full text Add to dashboard Cite

Improper input validation in Web Applications undermines their security and this may have disastrous consequences for the users. Input data can or cannot be harmful depending on how they are used with regard to the interactions with the clients and the accessed sensitive resources (e.g. databases and files). Existing application frameworks cannot guarantee safe input sanitization with respect to all vulnerabilities. Also, when legacy code is incorporated that was not originally written for the Web, its security hardening is costly and error-prone. We propose a reference monitor inlining approach that treats input injection vulnerabilities as a crosscutting concern. Our monitors enforce high-level security policies for taint propagation control, by weaving checks and repair actions into the untrusted code. Taint policies are specified into JavaMOP, a programming framework for generating runtime monitors, which are weaved into the application through the automated Aspect Oriented Programming process. When monitor design is guided by preliminary static taint analysis, the incurred overhead can be reduced. Further improvements are feasible through JavaMOP's optimizations. As a proof of concept, we present the design and experimental validation of inlined monitors against SQL injection and cross-site scripting attacks.

show abstract

Test-Driving Static Analysis Tools in Search of C Code Vulnerabilities

Cited by 28 publications

References 11 publications

A Binary Analysis Approach to Retrofit Security in Input Parsing Routines

A Binary Analysis Approach to Retrofit Security in Input Parsing Routines

Memory leak detection runtime-service for embedded Linux devices

Inlined monitors for security policy enforcement in web applications

Contact Info

Product

Resources

About