Proceedings of the Institute for System Programming of the RAS (Jan 2006)
Using data flow analysis for detecting security vulnerabilities.
Abstract
This paper addresses the use of the data flow analysis approach for detecting certain types of programming errors in source code. The primary motivation of this work is that programming errors such as missing array or buffer bounds checks may lead to security vulnerabilities in programs. The article is devoted to the detection of buffer overflow, unchecked input usage, and memory leak errors. A new approach for static detection of these kinds of errors is described. The approach combines forward data-flow intraprocedural alias and integer range analyses with flow-sensitive and partly context-sensitive interprocedural analysis. The algorithm is based on the notion of an abstract memory location (AML). The rules for computing attributes of AMLs, as well as a number of heuristics used to improve the algorithm, are discussed. The suggested approach has been implemented for checking C programs. The paper reports on evaluating the tool with a number of open source programs.
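The core idea of the abstract, a forward intraprocedural integer-range analysis whose attributes live on abstract memory locations and whose results flag array accesses that are not provably in bounds, is illustrated below with an added example that is not the paper's tool. The straight-line IR, the `Aml` record and the sample programs are constructed assumptions; the paper's alias analysis and interprocedural analysis are omitted.

```python
# Added illustration: forward, intraprocedural integer-range analysis over
# abstract memory locations (AMLs). The IR and AML layout are assumptions,
# not the paper's data structures.
from dataclasses import dataclass
from typing import Dict, List

INF = float("inf")

@dataclass
class Aml:
    """Abstract memory location carrying one attribute: range [lo, hi]."""
    lo: float
    hi: float

def analyze(program: List[tuple]) -> List[str]:
    """One forward pass over straight-line IR; returns overflow warnings."""
    env: Dict[str, Aml] = {}      # scalar AML -> current integer range
    bufs: Dict[str, int] = {}     # buffer AML -> element count
    warnings: List[str] = []
    for pc, stmt in enumerate(program):
        op = stmt[0]
        if op == "const":          # x := c
            _, x, c = stmt
            env[x] = Aml(c, c)
        elif op == "input":        # x := untrusted integer (unchecked input)
            _, x = stmt
            env[x] = Aml(-INF, INF)
        elif op == "add":          # x := y + c, range shifted by c
            _, x, y, c = stmt
            env[x] = Aml(env[y].lo + c, env[y].hi + c)
        elif op == "assume":       # bounds check lo <= x <= hi narrows range
            _, x, lo, hi = stmt
            env[x] = Aml(max(env[x].lo, lo), min(env[x].hi, hi))
        elif op == "alloc":        # buf := array of n elements
            _, b, n = stmt
            bufs[b] = n
        elif op == "index":        # buf[x]: warn unless range within [0, n-1]
            _, b, x = stmt
            r, n = env[x], bufs[b]
            if r.lo < 0 or r.hi > n - 1:
                warnings.append(f"stmt {pc}: {b}[{x}] index in [{r.lo}, {r.hi}]"
                                f" may overflow buffer of size {n}")
    return warnings

# Constructed sample programs (not from the paper).
UNCHECKED = [("alloc", "buf", 16), ("input", "i"), ("index", "buf", "i")]
CHECKED = [("alloc", "buf", 16), ("input", "i"), ("assume", "i", 0, 15),
           ("index", "buf", "i")]
OFF_BY_ONE = [("alloc", "buf", 16), ("input", "i"), ("assume", "i", 0, 16),
              ("index", "buf", "i")]
```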