Towards Vulnerability Discovery Using Staged Program Analysis
Eliminating vulnerabilities from low-level code is vital for securing
software. Static analysis is a promising approach for discovering
vulnerabilities since it can provide developers early feedback on the code they
write. But, it presents multiple challenges not the least of which is
understanding what makes a bug exploitable and conveying this information to
the developer. In this paper, we present the design and implementation of a
practical vulnerability assessment framework, called Melange. Melange performs
data and control flow analysis to diagnose potential security bugs, and outputs
well-formatted bug reports that help developers understand and fix security
bugs. Based on the intuition that real-world vulnerabilities manifest
themselves across multiple parts of a program, Melange performs both local and
global analyses. To scale up to large programs, global analysis is
demand-driven. Our prototype detects multiple vulnerability classes in C and
C++ code, including type confusion and garbage memory reads. We have evaluated
Melange extensively. Our case studies show that Melange scales up to large
codebases such as Chromium, is easy-to-use, and most importantly, capable of
discovering vulnerabilities in real-world code. Our findings indicate that
static analysis is a viable reinforcement to the software testing tool set.
Comment: A revised version to appear in the proceedings of the 13th conference
on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA),
July 201
The Progress, Challenges, and Perspectives of Directed Greybox Fuzzing
Most greybox fuzzing tools are coverage-guided, as code coverage is strongly
correlated with bug coverage. However, since most covered code may not contain
bugs, blindly extending code coverage is less efficient, especially for corner
cases. Unlike coverage-guided greybox fuzzers that extend code coverage in an
undirected manner, a directed greybox fuzzer spends most of its time allocation
on reaching specific targets (e.g., the bug-prone zone) without wasting
resources stressing unrelated parts. Thus, directed greybox fuzzing (DGF) is
particularly suitable for scenarios such as patch testing, bug reproduction,
and specialist bug hunting. This paper studies DGF from a broader view, which
takes into account not only the location-directed type that targets specific
code parts, but also the behaviour-directed type that aims to expose abnormal
program behaviours. Herein, the first in-depth study of DGF is made based on
the investigation of 32 state-of-the-art fuzzers (78% were published after
2019) that are closely related to DGF. A thorough assessment of the collected
tools is conducted so as to systemise recent progress in this field. Finally,
it summarises the challenges and provides perspectives for future research.
Comment: 16 pages, 4 figure
Evaluating Software Architectures: Development Stability and Evolution
We survey seminal work on software architecture evaluation methods. We then look at an emerging class of methods that explicates evaluating software architectures for stability and evolution. We define architectural stability and formulate the problem of evaluating software architectures for stability and evolution. We draw attention to the use of Architecture Description Languages (ADLs) for supporting the evaluation of software architectures in general and for architectural stability in specific.
To Healthier Ethereum: A Comprehensive and Iterative Smart Contract Weakness Enumeration
With the increasing popularity of cryptocurrencies and blockchain technology,
smart contracts have become a prominent feature in developing decentralized
applications. However, these smart contracts are susceptible to vulnerabilities
that hackers can exploit, resulting in significant financial losses. In
response to this growing concern, various initiatives have emerged. Notably,
the SWC vulnerability list played an important role in raising awareness and
understanding of smart contract weaknesses. However, the SWC list lacks
maintenance and has not been updated with new vulnerabilities since 2020. To
address this gap, this paper introduces the Smart Contract Weakness Enumeration
(SWE), a comprehensive and practical vulnerability list up until 2023. We
collect 273 vulnerability descriptions from 86 top conference papers and
journal papers, employing open card sorting techniques to deduplicate and
categorize these descriptions. This process results in the identification of 40
common contract weaknesses, which are further classified into 20 sub-research
fields through thorough discussion and analysis. SWE provides a systematic and
comprehensive list of smart contract vulnerabilities, covering existing and
emerging vulnerabilities in the last few years. Moreover, SWE is a scalable,
continuously iterative program. We propose two update mechanisms for the
maintenance of SWE. Regular updates involve the inclusion of new
vulnerabilities from future top papers, while irregular updates enable
individuals to report new weaknesses for review and potential addition to SWE
- …