Haibin Shen,Jimin Wang,Lingdi Ping,Kang Sun

DOI: https://doi.org/10.1007/11689522_32

2006-01-01

Abstract:Flexible features of C can be misused and result in potential vulnerabilities which are hard to detect by performing only static checking. Existing tools either give up run-time type checking or employ a type system whose granularity is too coarse (it does not differentiate between pointer types) so that many errors may go undetected. This paper presents a dynamic checking approach to conquer them. A type system that is based on the physical layout of data types and has the proper granularity has been employed. Rules for propagating dynamic types and checking for compatibility of types during execution of the target program are also set up. Then a model of dynamic type checking on this type system to capture run-time type errors is built. Experimental results show that it can catch most errors, including those may become system vulnerabilities and the overhead is moderate.

Zhi-yuan WAN,Bo ZHOU

DOI: https://doi.org/10.3785/j.issn.1008-973x.2015.04.011

2015-01-01

Abstract:An approach based on static information flow tracking was proposed to detect input validation vulnerabilities in order to reduce the false positive rate of vulnerability detection techniques based on static analysis.The approach was implemented on top of the static code analysis tool FindBugs.The performance and precision of our approach were evaluated.Experimental results show that our approach can effectively detect input validation vulnerabilities.The false positive rate of FindBugs was reduced by 55.7% without significantly slowing the performance.

Lian Yu,Jun Zhou,Yue Yi,Jianchu Fan,Qianxiang Wang

DOI: https://doi.org/10.1109/qsic.2009.10

2009-01-01

Abstract:Static analysis works well at checking defects that clearly map to source code constructs. Model checking can find defects of deadlocks and routing loops that are not easily detected by static analysis, but faces the problem of state explosion. This paper proposes a hybrid approach to detecting security defects in programs. Fuzzy Inference System is used to infer selection among the two detection approaches. A cluster algorithm is developed to divide a large system into several clusters in order to apply model checking. Ontology based static analysis employs logic reasoning to intelligently detect the defects. We also put forwards strategies to improve performance of the static analysis. At last, we perform experiments to evaluate the accuracy and performance of the hybrid approach.

WANG Chun-lei,LIU Qiang,ZHAO Gang,DAI Yi-qi

DOI: https://doi.org/10.3778/j.issn.1002-8331.2009.26.024

2009-01-01

Abstract:The detection of flaw functions in binary executables is an important technique for software vulnerability analysis.A flaw function detection method based upon the static analysis of executable is proposed.The foundation of this method is the signature theme of flaw functions in the form of binary instruction flow.This method establishes the set of potential function call sequences in the running process and constructs the function call graph by statically analyzing the binary executable,and detects the set of flaw functions the executable invoked by matching and analyzing the signatures of flaw functions with the function call graph.Experimental results demonstrate that the method is effective for detecting the flaw functions in executables,and is useful for further security analysis.

Yanmiao Zhang,Xiaoyu Ji,Yushi Cheng,Wenyuan Xu

DOI: https://doi.org/10.23919/ChiCC.2019.8866144

2019-01-01

Abstract:As a modern power transmission network, smart grid connects abundant terminal devices and plays an important role in our daily life. However, along with its growth are the security threats. Different from the separated environment previously, an adversary nowadays can destroy the power system by attacking its terminal devices. As a result, it's critical to ensure the security and safety of terminal devices. To achieve it, detecting the pre-existing vulnerabilities in the terminal program and enhancing its security, are of great importance and necessity. In this paper. we introduce Cker, a novel vulnerability detection tool for smart grid devices, which generates an program model based on device sources and sets rules to perform model checking. We utilize the static analysis to extract necessary information and build corresponding program models. By further checking the model with pre-defined vulnerability patterns, we achieve security detection and error reporting. The evaluation results demonstrate that our method can effectively detect vulnerabilities in smart devices with an acceptable accuracy and false positive rate. In addition, as Cker is realized by pure python. it can be easily scaled to other platforms.

Jun Zhu,Bill Chu,Heather Richter Lipford,Tyler Thomas

DOI: https://doi.org/10.1145/2752952.2752976

2015-01-01

Abstract:ABSTRACTAccess control vulnerabilities due to programming errors have consistently ranked amongst top software vulnerabilities. Previous research efforts have concentrated on using automatic program analysis techniques to detect access control vulnerabilities in applications. We report a comparative study of six open source PHP applications, and find that implicit assumptions of previous research techniques can significantly limit their effectiveness. We propose a more effective hybrid approach to mitigate access control vulnerabilities. Developers are reminded in-situ of potential access control vulnerabilities, where self-review of code can help them discover mistakes. Additionally, developers are prompted for application-specific access control knowledge, providing samples of code that could be thought of as static analysis by example. These examples are turned into code patterns that can be used in performing static analysis to detect additional access control vulnerabilities and alert the developer to take corrective actions. Our evaluation of six open source applications detected 20 zero-day access control vulnerabilities in addition to finding all access control vulnerabilities detected in previous works.

Jun Zhu,Jing Xie,Heather Richter Lipford,Bill Chu

DOI: https://doi.org/10.1016/j.jare.2013.11.006

IF: 12.822

2014-01-01

Journal of Advanced Research

Abstract:Many security incidents are caused by software developers’ failure to adhere to secure programming practices. Static analysis tools have been used to detect software vulnerabilities. However, their wide usage by developers is limited by the special training required to write rules customized to application-specific logic. Our approach is interactive static analysis, to integrate static analysis into Integrated Development Environment (IDE) and provide in-situ secure programming support to help developers prevent vulnerabilities during code construction. No additional training is required nor are there any assumptions on ways programs are built. Our work is motivated in part by the observation that many vulnerabilities are introduced due to failure to practice secure programming by knowledgeable developers. We implemented a prototype interactive static analysis tool as a plug-in for Java in Eclipse. Our technical evaluation of our prototype detected multiple zero-day vulnerabilities in a large open source project. Our evaluations also suggest that false positives may be limited to a very small class of use cases.

Hui Yuan,Lei Zheng,Liang Dong,Xiangli Peng,Yan Zhuang,Guoru Deng

DOI: https://doi.org/10.1007/978-3-030-15235-2_66

2019-04-25

Abstract:With the rapid development of Internet technology, Web applications are widely used in all walks of life, and their security requirements are increasing. Unfortunately, at present, the development of Web security technology still lags behind the development of Web application technology itself. The Web application itself and its operating environment are still relatively fragile, and its operating environment is easily forged or modified, making Web applications gradually become malicious. The object of the attack is frequently attacked. This paper investigates and analyzes the common vulnerabilities in web applications, deeply studies the basic characteristics of these vulnerabilities, and understands the principles and solutions of vulnerabilities. The static analysis method is used to analyze the vulnerabilities, and the static analysis methods are used to solve the security vulnerabilities in the Java web project.

V. V. Kuliamin

DOI: https://doi.org/10.1134/s0361768824010079

2024-05-23

Programming and Computer Software

Abstract:A review of software dynamic analysis methods is presented, mainly focusing on the methods supported by tools targeted on software security verification and applicable to system software. Fuzzing, runtime verification and dynamic symbolic execution techniques are considered in detail. Dynamic taint data analysis methods and tools are excluded since gathering technical details on them is complicated. The review of fuzzing and dynamic symbolic execution is focused mostly on the techniques to solve various problems that arise during operation of the tools rather than the particular tools that amount to a number greater than 100. In addition, the fuzzing counteraction techniques are considered.

computer science, software engineering

Zhejun Fang,Yuqing Zhang,Ying Kong,Qixu Liu

DOI: https://doi.org/10.1002/sec.747

IF: 1.968

2013-03-12

Security and Communication Networks

Abstract:This paper concerns about logic vulnerabilities that result from faulty logic of a web application. Logic vulnerabilities typically accompany with the exposure of unexpected functionalities and lead to the bypass of the intended constraints. From a semantic perspective, logic vulnerabilities occur when mistakes arise in the control flows guarding the processes of invoking critical functionalities. In this paper, we propose the first lightweight static analysis approach to automatically detect logic vulnerabilities in Java web applications. Logic errors in our approach are characterized as erroneous invocations of functionalities. Program‐slicing technique has been leveraged to capture the processes of invoking critical functionalities. A back‐tracing algorithm is originally designed to extract control flows guarding functionality‐invocation processes. Finally, logic vulnerability detection is transformed into mining abnormal functionality‐invocation processes in a cluster of similar ones by comparing these processes' control flows. We implemented our approach in a prototype tool named logic vulnerability detector and evaluated it on seven real‐world applications scaled from thousands to million lines of code. The evaluation results show that our approach achieves bigger coverage with acceptable cost and better scalability than previous approaches. Copyright © 2013 John Wiley & Sons, Ltd. In this paper, we propose the first lightweight static analysis approach to automatically detect logic vulnerabilitiesin Java web applications. We implemented our approach using program‐slicing technique and a back‐tracingextracting algorithm for control flow, and evaluated it on seven real‐world applications scaled from thousands to million lines of code. The evaluation results show that our approach achieves bigger coverage with acceptable cost and better scalability than previous approaches.

computer science, information systems,telecommunications

Yan Wu,Jingyi Su,David D. Moran,Chris D. Near

DOI: https://doi.org/10.48550/arXiv.2301.06215

2023-01-15

Software Engineering

Abstract:The mass production of complex software has made it impossible to manually test it for security vulnerabilities. Automated security testing tools come in a variety of flavors, function at various stages of software development, and target different categories of software vulnerabilities. It is great that we have a plethora of automated tools to choose from, but it is a problem that their adoption and recognition are not prominent. The purpose of this study is to explore the possibilities of existing techniques while also broadening the horizon by exploring the future of security testing tools and related techniques.

Arvinder Kaur,Ruchikaa Nayyar

DOI: https://doi.org/10.1016/j.procs.2020.04.217

2020-01-01

Procedia Computer Science

Abstract:<p>Software security has become an essential component of software development process. It is necessary for an organisation to maintain software security in order to ensure integrity, authenticity and availability of the software product. To ensure software security, one of the major task is to identify vulnerabilities present in the source code before the software is being deployed. Detecting vulnerabilities in early phases of software development cycle, makes the process of fixing those vulnerabilities much easier for software developers. The vulnerability detection can be done either at the production phase, this means when the software is still being developed by statically auditing the source code, or dynamically at run time. In this study, vulnerability detection was done through Static code analysis process. Static code analysis can be done either manually or through automated tools. This paper focuses on using automated source code scanning tools for vulnerabilities detection in a software. Automated static Code Analysis tools audits the entire source code for its quality and identify any potential security vulnerability, if present. Unlike dynamic source code analysis that evaluates the source code behaviour during code execution, which is done quite late in the software development life cycle, Static Code Analysis leads to detection of security vulnerabilities in a source code in early stages of software development process, when the software is still in production phase because it does not require code to be in execution state. This paper firstly explains the importance of incorporating static code analysis in software development life cycle process so as to facilitate early detection of vulnerabilities in software product, and then present a comparative study of various static code analysis tools available for vulnerability detection in C/C++ and JAVA source code. The comparative study of three C/C++ static code analysis tools (flawfinder, RATS and CPPCheck) and two JAVA static code analysis tools (spotbugs and PMD) is done using Juliet (version1.3) test suite and APACHE tomcat dataset respectively, on the basis of category of vulnerability detected by each of the selected tool and the likelihood of false positive reported by each tool. Results showed that Flawfinder detected maximum categories of vulnerabilities and RATS and CPPCheck were almost similar in types of vulnerabilities detected. Also, it was observed that CPPCheck reported maximum number of false positives as compared to other two tools. Java static code analysis tools Spot bugs was able to detect more number of vulnerabilities than PMD.</p>

Lian Yu,Shi-Zhong Wu,Tao Guo,Guo-Wei Dong,Cheng-Cheng Wan,Yin-Hang Jing

DOI: https://doi.org/10.1007/978-3-642-25243-3_27

2011-01-01

Abstract:Static analysis technologies and tools have been widely adopted in detecting software bugs and vulnerabilities. However, traditional approaches have their limitations on extensibility and reusability due to their methodologies, and are unsuitable to describe subtle vulnerabilities under complex and unaccountable contexts. This paper proposes an approach of static analysis based on ontology model enhanced by program slicing technology for detecting software vulnerabilities. We use Ontology Web Language (OWL) to model the source code and Semantic Web Rule Language (SWRL) to describe the bug and vulnerability patterns. Program slicing criteria can be automatically extracted from the SWRL rules and adopted to slice the source code. A prototype of security vulnerability detection (SVD) tool is developed to show the validity of the proposed approach.

Gabor Horvath,Reka Kovacs,Richard Szalay,Zoltan Porkolab

2024-08-11

Abstract:Static analysis is a method of analyzing source code without executing it. It is widely used to find bugs and code smells in industrial software. Besides other methods, the most important techniques are those based on the abstract syntax tree and those performing symbolic execution. Both of these methods found their role in modern software development as they have different advantages and limitations. In this tutorial, we present two problems from the C++ programming language: the elimination of redundant pointers, and the reporting of dangling pointers originating from incorrect use of the std::string class. These two issues have different theoretical backgrounds and finding them requires different implementation techniques. We will provide a step-by-step guide to implement the checkers (software to identify the aforementioned problems) - one based on the abstract syntax analysis method, the other exploring the possibilities of symbolic execution. The methods are explained in great detail and supported by code examples. The intended audience for this tutorial are both architects of static analysis tools and developers who want to understand the advantages and constraints of the different methods.

Software Engineering

Jones Yeboah,Saheed Popoola

2024-05-21

Abstract:In software practice, static analysis tools remain an integral part of detecting defects in software and there have been various tools designed to run the analysis in different programming languages like Java, C++, and Python. This paper presents an empirical comparison of popular static analysis tools for identifying software defects using several datasets using Java, C++, and Python code. The study used popular analysis tools such as SonarQube, PMD, Checkstyle, and FindBugs to perform the comparison based on using the datasets. The study also used various evaluation metrics such as Precision, Recall, and F1-score to determine the performance of each analysis tool. The study results show that SonarQube performs considerably well than all other tools in terms of its defect detection across the various three programming languages. These findings remain consistent with other existing studies that also agree on SonarQube being an effective tool for defect detection in software. The study contributes to much insight on static analysis tools with different programming languages and additional information to understand the strengths and weaknesses of each analysis tool. The study also discusses the implications for software development researchers and practitioners, and future directions in this area. Our research approach aim is to provide a recommendation guideline to enable software developers, practitioners, and researchers to make the right choice on static analysis tools to detect errors in their software codes. Also, for researchers to embark on investigating and improving software analysis tools to enhance the quality and reliability of the software systems and its software development processes practice.

Software Engineering

Midya Alqaradaghi,Tamás Kozsik

DOI: https://doi.org/10.1109/access.2024.3389955

IF: 3.9

2024-04-27

IEEE Access

Abstract:Various static code analysis tools have been designed to automatically detect software faults and security vulnerabilities. This paper aims to 1) conduct an empirical evaluation to assess the performance of five free and state-of-the-art static analysis tools in detecting Java security vulnerabilities using a well-defined and repeatable approach; 2) report on the vulnerabilities that are best and worst detected by static Java analyzers. We used the Juliet benchmark test suite in a controlled experiment to assess the effectiveness of five widely used Java static analysis tools. The vulnerabilities were successfully detected by one, two, or three tools. Only one vulnerability has been detected by four tools. The tools missed 13% of the Java vulnerability categories appearing in our experiment. More critically, none of the five tools could identify all the vulnerabilities in our experiment. We conclude that, despite recent improvements in their methodologies, current state-of-the-art static analysis tools are still ineffective for identifying the security vulnerabilities occurring in a small-scale, artificial test suite.

computer science, information systems,telecommunications,engineering, electrical & electronic

Nima Shiri harzevili,Jiho Shin,Junjie Wang,Song Wang,Nachiappan Nagappan

2023-07-09

Abstract:Automatic detection of software bugs is a critical task in software security. Many static tools that can help detect bugs have been proposed. While these static bug detectors are mainly evaluated on general software projects call into question their practical effectiveness and usefulness for machine learning libraries. In this paper, we address this question by analyzing five popular and widely used static bug detectors, i.e., Flawfinder, RATS, Cppcheck, Facebook Infer, and Clang static analyzer on a curated dataset of software bugs gathered from four popular machine learning libraries including Mlpack, MXNet, PyTorch, and TensorFlow with a total of 410 known bugs. Our research provides a categorization of these tools' capabilities to better understand the strengths and weaknesses of the tools for detecting software bugs in machine learning libraries. Overall, our study shows that static bug detectors find a negligible amount of all bugs accounting for 6/410 bugs (0.01%), Flawfinder and RATS are the most effective static checker for finding software bugs in machine learning libraries. Based on our observations, we further identify and discuss opportunities to make the tools more effective and practical.

Software Engineering

JiaJing Li,Tao Wei,Wei Zou,Jian Mao

DOI: https://doi.org/10.1109/isecs.2009.148

2009-01-01

Abstract:Existing techniques based on behavior semantics for information theft malware detection have the main shortcomings of low path coverage and disability of finding hidden malicious behaviors. In this paper we propose a static method for the detection of information theft malware to overcome these shortcomings. It is particularly efficient for inter-procedure taint analysis, and it is suitable for complicated malware detection, such as Trojan and Bot. Its static style makes it able to find hidden malicious behaviors. We also present an implementation of our method that works on x86 executables and a set of experimental studies validate its good efficiency and effectiveness.

Lixin Li,Chao Wang

DOI: https://doi.org/10.1007/978-3-642-40787-1_31

2013-01-01

Abstract:Dynamic analysis techniques have made a significant impact in security practice, e.g. by automating some of the most tedious processes in detecting vulnerabilities. However, a significant gap remains between existing software tools and what many security applications demand. In this paper, we present our work on developing a cross-platform interactive analysis tool, which leverages techniques such as symbolic execution and taint tracking to analyze binary code on a range of platforms. The tool builds upon IDA, a popular reverse engineering platform, and provides a unified analysis engine to handle various instruction sets and operating systems. We have evaluated the tool on a set of real-world applications and shown that it can help identify the root causes of security vulnerabilities quickly.

Dejan Baca,Bengt Carlsson,Kai Petersen,Lars Lundberg

DOI: https://doi.org/10.1002/spe.2109

2012-02-20

Abstract:SUMMARY Software security can be improved by identifying and correcting vulnerabilities. In order to reduce the cost of rework, vulnerabilities should be detected as early and efficiently as possible. Static automated code analysis is an approach for early detection. So far, only few empirical studies have been conducted in an industrial context to evaluate static automated code analysis. A case study was conducted to evaluate static code analysis in industry focusing on defect detection capability, deployment, and usage of static automated code analysis with a focus on software security. We identified that the tool was capable of detecting memory related vulnerabilities, but few vulnerabilities of other types. The deployment of the tool played an important role in its success as an early vulnerability detector, but also the developers perception of the tools merit. Classifying the warnings from the tool was harder for the developers than to correct them. The correction of false positives in some cases created new vulnerabilities in previously safe code. With regard to defect detection ability, we conclude that static code analysis is able to identify vulnerabilities in different categories. In terms of deployment, we conclude that the tool should be integrated with bug reporting systems, and developers need to share the responsibility for classifying and reporting warnings. With regard to tool usage by developers, we propose to use multiple persons (at least two) in classifying a warning. The same goes for making the decision of how to act based on the warning. Copyright © 2012 John Wiley &amp; Sons, Ltd.