DocumentCode :
3068496
Title :
A Method of Detecting Vulnerability Defects Based on Static Analysis
Author :
Qing, Xiao ; Hong, Yang Zhao ; Zhan, Gong Yun
Volume :
3
fYear :
2010
fDate :
16-18 July 2010
Firstpage :
365
Lastpage :
368
Abstract :
This paper proposes a method for detecting vulnerability defects caused by tainted data, based on a state machine. It first uses state machines to define various defect patterns. If the states of the state machine are considered as the values propagated in dataflow analysis, and the union operation of the state sets as the aggregation operation of dataflow analysis, defect detection can be treated as a forward dataflow analysis problem. To reduce the false positives caused by intraprocedural analysis, the dynamic information of the program is represented approximately by the abstract values of variables, and an infeasible path can then be identified when some variable's abstract value is empty in the state condition. A function summary method is proposed to get the information needed for performing interprocedural defect detection. The proposed method has been implemented in a defect testing tool.
Keywords :
data flow analysis; finite state machines; program debugging; forward dataflow analysis problem; intraprocedural analysis; state machine; static analysis; vulnerability defects detection method; Computer bugs; Context; Databases; Flow graphs; Security; Software; Testing; function summary; interval computation; state machine; static analysis; vulnerability defects;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Information Technology and Applications (IFITA), 2010 International Forum on
Conference_Location :
Kunming
Print_ISBN :
978-1-4244-7621-3
Electronic_ISBN :
978-1-4244-7622-0
Type :
conf
DOI :
10.1109/IFITA.2010.217
Filename :
5634685