Utilizing type systems for static vulnerability analysis

Lavrentii Tsvetkov; Anton Spivak

doi:10.1109/FRUCT-ISPIT.2016.7561548

Proceedings of the XXth Conference of Open Innovations Association FRUCT (Apr 2016)

Utilizing type systems for static vulnerability analysis

Lavrentii Tsvetkov,
Anton Spivak

Affiliations

Lavrentii Tsvetkov: ITMO University, Saint Petersburg, Russia
Anton Spivak: ITMO University, Saint Petersburg, Russia

DOI: https://doi.org/10.1109/FRUCT-ISPIT.2016.7561548
Journal volume & issue: Vol. 664, no. 18
pp. 345 – 350

Abstract

Read online

Programming languages use type systems to reduce number of bugs. Type systems of most languages are not powerful enough to express basic exception safety. Extension of type system in a way that allows representing exception guaranties can provide valuable information to analysis tools. Such tools could even be implemented in type system. We describe a way to extend type system of a given language allowing security invariants to be expressed and vulnerable code to be located.

Published in Proceedings of the XXth Conference of Open Innovations Association FRUCT

ISSN: 2305-7254 (Print); 2343-0737 (Online)
Publisher: FRUCT
Country of publisher: Finland
LCC subjects: Technology: Electrical engineering. Electronics. Nuclear engineering: Telecommunication
Website: http://fruct.org/publication

About the journal

Abstract

Keywords