CodeAuditor: A Vulnerability Detection Framework Based on Constraint Analysis and Model Checking

Open source applications have flourished over recent years. Meanwhile security vulnerabilities in such applications have grown. Since manual code auditing is error-prone, time-consuming and costly, automatic solutions have become necessary. In this paper we address program vulnerabilities by static...

Full description

Saved in:
Bibliographic Details
Published in:2009 International Conference on Management and Service Science pp. 1 - 4
Main Authors: Lei Wang, Gui Chen, Jianan Wang, Pengchao Zhao, Qiang Zhang
Format: Conference Proceeding
Language:English
Published: IEEE 01.09.2009
Subjects:
Application software
Automatic control
Buffer overflow
Computer bugs
Flow graphs
Formal verification
Instruments
Pattern analysis
Programming
Prototypes
ISBN:1424446384, 9781424446384
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Open source applications have flourished over recent years. Meanwhile security vulnerabilities in such applications have grown. Since manual code auditing is error-prone, time-consuming and costly, automatic solutions have become necessary. In this paper we address program vulnerabilities by static code analysis. First, we use flow-insensitive and interprocedural constraint-based analysis to extract the vulnerability detection model from the source code. Second, we employ model checking to solve the model. In addition, we do alias analysis to improve the correctness and precision of the detection model. The presented concepts are targeted at the general class of buffer-related vulnerabilities and can be applied to the detection of vulnerability types such as buffer overflow, format string attack, and code injection. CodeAuditor, the prototype implementation of our methods, is targeted at detecting buffer overflow vulnerabilities in C source code. It can be regarded as a vulnerability framework in which a variety of analysis and model checking tools can be incorporated. With this tool, 18 previously unknown vulnerabilities in six open source applications were discovered and the observed false positive rate was at around 23%.
ISBN:1424446384
9781424446384
DOI:10.1109/ICMSS.2009.5304255