Title :
Scalable Security Verification of Software at Compile Time
Author :
Tlili, Syrine ; Fernandez, Jose M. ; Belghith, Akram ; Dridi, Bilel ; Hidouri, Soufien
Author_Institution :
Hana Res. Lab., Univ. of Manouba, Tunis, Tunisia
Abstract :
Automated verification tools are required to detect coding errors that may lead to severe software vulnerabilities. However, the usage of these tools is still not well integrated into software development life cycle. In this paper, we present our approach that brings the software compilation process and security verification to a meeting point where both can be applied simultaneously in a user-friendly manner. Our security verification engine is implemented as a new GCC pass that can be enabled via flag-fsecurity-check=checks.xml where the input XML file contains a set of user-defined security checks. The verification operates on the GIMPLE intermediate representation of source code that is language and platform independent. The conducted experiments demonstrate the scalability, efficiency and performance of our engine used to verify large scale software, especially the entire Linux kernel source code.
Keywords :
Linux; XML; formal verification; security of data; GCC pass; Linux kernel source code; automated verification tools; scalable security verification engine; software compilation process; software development life cycle; software vulnerabilities; Automata; Engines; Monitoring; Scalability; Security; Software; XML; Finite State Automata; GCC; Security Verification; Static Analysis;
Conference_Titel :
Source Code Analysis and Manipulation (SCAM), 2014 IEEE 14th International Working Conference on
Conference_Location :
Victoria, BC
DOI :
10.1109/SCAM.2014.20
