
    Combining Static and Dynamic Analysis for Vulnerability Detection

    In this paper, we present a hybrid approach for buffer overflow detection in C code. The approach makes use of static and dynamic analysis of the application under investigation. The static part consists in calculating taint dependency sequences (TDS) between user controlled inputs and vulnerable statements. This process is akin to program slice of interest to calculate tainted data- and control-flow path which exhibits the dependence between tainted program inputs and vulnerable statements in the code. The dynamic part consists of executing the program along TDSs to trigger the vulnerability by generating suitable inputs. We use a genetic algorithm to generate inputs. We propose a fitness function that approximates the program behavior (control flow) based on the frequencies of the statements along TDSs. This runtime aspect makes the approach faster and accurate. We provide experimental results on the Verisec benchmark to validate our approach. Comment: There are 15 pages with 1 figur

    Analysis of Green Computing Strategy in University: Analytic Network Process (ANP) Approach

    Strengths, Weaknesses, Opportunities and Threats (SWOT) analysis does not provide an analytical means to determine the importance of the identified factors of green computing strategy and implementation. Although the SWOT analysis successfully explores the factors, individual factors are usually described very generally. For this reason, SWOT analysis possesses deficiencies in the measurement and evaluation of green computing steps. Even though the analytic hierarchy process (AHP) technique eliminates these deficiencies, it does not allow for measuring the possible dependencies among the individual factors. The AHP method assumes that the green computing factors presented in the hierarchical structure are independent; however, this assumption may be inappropriate in light of certain situations. Therefore, it is important to utilize a form of SWOT analysis that calculates and takes into account the possible dependency among the factors. This paper demonstrates a process for quantitative SWOT analysis of green computing implementation that can be performed even when there is dependence among strategic factors. The proposed algorithm uses the analytic network process (ANP), which allows measurement of the dependency among the green computing implementation factors, as well as AHP, which is based on the independence between the factors. There are four alternatives: campus awareness program, computer procurement, increase in heat removal requirement, and increase in equipment power density for improving the implementation of green computing in campus. Dependency among the SWOT factors is observed to affect the strategic and sub-factor weights, as well as to change the strategy priorities. Based on ANC method, the best alternative for this implementation is computer procurement.

    Slicing of Web Applications Using Source Code Analysis

    Program slicing revealed a useful way to limit the search of software defects during debugging and to better understand the decomposition of the application into computations. The web application is very widely used for spreading business throughout the world. To meet the desire of the customers, web applications should have more quality and robustness. Slicing, in the field of web application, helps disclosing relevant information and understanding the internal system structure. This in turn helps in debugging, testing and in improving the program comprehensibility. The system dependence graph is an appropriate data structure for slice computation, in that it explicitly represents all dependencies that have to be taken into account in slice determination. We have extended the system dependence graph to Web-Application Dependence Graph (WADG). We have developed a partial tool for automatic generation of the WADG and computation of slices. In our literature survey, we found that most of the automatic graph generation tools are byte-code based. But, our tool uses the dependency analysis from the source code of the given program. We have presented three case studies by taking open source web programs and applying our techniques and slicing algorithm. We have found that the slices computed are correct and precise, which will be helpful for program debugging and testing. Construction of the system dependence graph for Web applications is complicated by the presence of dynamic code. In fact, a Web application builds the HTML code to be transmitted to the browser at run time. Knowledge of such code is essential for slicing.