Towards Vulnerability Discovery Using Staged Program Analysis
Eliminating vulnerabilities from low-level code is vital for securing
software. Static analysis is a promising approach for discovering
vulnerabilities since it can provide developers early feedback on the code they
write. But, it presents multiple challenges not the least of which is
understanding what makes a bug exploitable and conveying this information to
the developer. In this paper, we present the design and implementation of a
practical vulnerability assessment framework, called Melange. Melange performs
data and control flow analysis to diagnose potential security bugs, and outputs
well-formatted bug reports that help developers understand and fix security
bugs. Based on the intuition that real-world vulnerabilities manifest
themselves across multiple parts of a program, Melange performs both local and
global analyses. To scale up to large programs, global analysis is
demand-driven. Our prototype detects multiple vulnerability classes in C and
C++ code, including type confusion and garbage memory reads. We have evaluated
Melange extensively. Our case studies show that Melange scales up to large
codebases such as Chromium, is easy to use, and, most importantly, is capable of
discovering vulnerabilities in real-world code. Our findings indicate that
static analysis is a viable reinforcement to the software testing tool set.
Comment: A revised version to appear in the proceedings of the 13th conference
on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA),
July 201
STATIC CODE ANALYSIS
Many of the defects present in a program are not visible to the compiler. Static code analysis is a way to find bugs and reduce the defects in a software application. This paper gives an overview of static code analysis, well-known tools, and the benefits of this practice.
code, analysis
How Effective are Smart Contract Analysis Tools? Evaluating Smart Contract Static Analysis Tools Using Bug Injection
Security attacks targeting smart contracts have been on the rise, which have
led to financial loss and erosion of trust. Therefore, it is important to
enable developers to discover security vulnerabilities in smart contracts
before deployment. A number of static analysis tools have been developed for
finding security bugs in smart contracts. However, despite the numerous
bug-finding tools, there is no systematic approach to evaluate the proposed
tools and gauge their effectiveness. This paper proposes SolidiFI, an automated
and systematic approach for evaluating smart contract static analysis tools.
SolidiFI is based on injecting bugs (i.e., code defects) into all potential
locations in a smart contract to introduce targeted security vulnerabilities.
SolidiFI then checks the generated buggy contract using the static analysis
tools, and identifies the bugs that the tools are unable to detect
(false-negatives) along with identifying the bugs reported as false-positives.
SolidiFI is used to evaluate six widely-used static analysis tools, namely,
Oyente, Securify, Mythril, SmartCheck, Manticore and Slither, using a set of 50
contracts injected with 9369 distinct bugs. It finds several instances of bugs
that are not detected by the evaluated tools despite their claims of being able
to detect such bugs, and all the tools report many false positives.
Comment: ISSTA 202
I know what leaked in your pocket: uncovering privacy leaks on Android Apps with Static Taint Analysis
Android applications may leak privacy data carelessly or maliciously. In this
work we perform inter-component data-flow analysis to detect privacy leaks
between components of Android applications. Unlike all current approaches, our
tool, called IccTA, propagates the context between the components, which
improves the precision of the analysis. IccTA outperforms all other available
tools by reaching a precision of 95.0% and a recall of 82.6% on DroidBench. Our
approach detects 147 inter-component based privacy leaks in 14 applications in
a set of 3000 real-world applications with a precision of 88.4%. With the help
of ApkCombiner, our approach is able to detect inter-app based privacy leaks
- …