Data flow analysis for C program based on graph model

Chao CHANG,Ke-sheng LIU,Long-dan TAN,Wen-chao JIA
DOI: https://doi.org/10.3785/j.issn.1008-973X.2017.05.022
2017-01-01
Abstract:A dataflow analysis method based on graph model for C program was proposed to solve the problem of high false positive rate.A multi-dimensional property graph that includes abstract syntax tree,control flow graph,program dependence graph and function call graph was constrcheted.From the security sensitive program point (sink),the related external controllable input point (source) could be traced.The tainted-style vulnerabilities could be detected through intra-procedural and inter-procedural define analysis.Results show that the false positive rate of data flow analysis was effectively reduced relying on the complete code property guidance and interval operation support,The method can reduce the workload of manual code audit.
What problem does this paper attempt to address?