Software vulnerability analysis framework based on uniform intermediate representation

Author

Xu, Jun ; Cheng, Shaoyin ; Wang, Jiajie ; Li, Zifeng ; Jiang, Fan

Author_Institution

Dept. of Comput. Sci. & Technol., Univ. of Sci. & Technol. of China, Hefei, China

Volume

1

fYear

2010

fDate

3-5 Oct. 2010

Abstract

Building secure software nowadays is a dominant goal in software development. Consequently, analyzing software vulnerabilities in order to determine how they can be prevented is the pivot of computer security. This paper presents a static analysis framework based on uniform intermediate representation to detect software vulnerabilities, and we have implemented an analysis tool called Melon based on the Microsoft Phoenix. We evaluate the effectiveness of Melon through a number of testing, and the experimental results show that it can effectively validate and analyze software vulnerabilities.

Keywords

computer network security; software engineering; Melon; Microsoft Phoenix; computer security; software development; software security; software vulnerability analysis framework; uniform intermediate representation; Algorithm design and analysis; Assembly; Computer languages; Lattices; Purification; Security; Software; intermediate representation; static analysis; taint propagation analysis;

fLanguage

English

Publisher

ieee

Conference_Titel

Software Technology and Engineering (ICSTE), 2010 2nd International Conference on

Conference_Location

San Juan, PR

Print_ISBN

978-1-4244-8667-0

Electronic_ISBN

978-1-4244-8666-3

Type

conf

DOI

10.1109/ICSTE.2010.5608861

Filename

5608861