1,932 research outputs found
Towards Vulnerability Discovery Using Staged Program Analysis
Eliminating vulnerabilities from low-level code is vital for securing
software. Static analysis is a promising approach for discovering
vulnerabilities since it can provide developers early feedback on the code they
write. But, it presents multiple challenges not the least of which is
understanding what makes a bug exploitable and conveying this information to
the developer. In this paper, we present the design and implementation of a
practical vulnerability assessment framework, called Melange. Melange performs
data and control flow analysis to diagnose potential security bugs, and outputs
well-formatted bug reports that help developers understand and fix security
bugs. Based on the intuition that real-world vulnerabilities manifest
themselves across multiple parts of a program, Melange performs both local and
global analyses. To scale up to large programs, global analysis is
demand-driven. Our prototype detects multiple vulnerability classes in C and
C++ code including type confusion, and garbage memory reads. We have evaluated
Melange extensively. Our case studies show that Melange scales up to large
codebases such as Chromium, is easy-to-use, and most importantly, capable of
discovering vulnerabilities in real-world code. Our findings indicate that
static analysis is a viable reinforcement to the software testing tool set.Comment: A revised version to appear in the proceedings of the 13th conference
on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA),
July 201
A Non-Null Annotation Inferencer for Java Bytecode
We present a non-null annotations inferencer for the Java bytecode language.
We previously proposed an analysis to infer non-null annotations and proved it
soundness and completeness with respect to a state of the art type system. This
paper proposes extensions to our former analysis in order to deal with the Java
bytecode language. We have implemented both analyses and compared their
behaviour on several benchmarks. The results show a substantial improvement in
the precision and, despite being a whole-program analysis, production
applications can be analyzed within minutes
Type Classes for Lightweight Substructural Types
Linear and substructural types are powerful tools, but adding them to
standard functional programming languages often means introducing extra
annotations and typing machinery. We propose a lightweight substructural type
system design that recasts the structural rules of weakening and contraction as
type classes; we demonstrate this design in a prototype language, Clamp.
Clamp supports polymorphic substructural types as well as an expressive
system of mutable references. At the same time, it adds little additional
overhead to a standard Damas-Hindley-Milner type system enriched with type
classes. We have established type safety for the core model and implemented a
type checker with type inference in Haskell.Comment: In Proceedings LINEARITY 2014, arXiv:1502.0441
- …