This paper describes the design and implementation of a lightweight static security analyzer that exploits the compilation process of the gcc compiler. The tool is aimed at giving to programmers useful and precise hints for improving the security of the developed software, while also detecting format string vulnerabilities, buffer overflows, and subtle vulnerabilities due to incorrect arithmetic and conversion on integers. The experimented technique is a combination of the taint analysis concept and of a value range propagation algorithm. The experimental results obtained by analyzing some real-world security critical programs show that the tool is only slightly heavier than pure compilation, and that it is able to detect known vulnerabilities, as well as unknown ones. Moreover, even if false positives are given, many of the warnings that do not correspond to vulnerabilities are indeed instances of unsafe programming practices, which can be avoided by applying a defensive programming style. Then, the tool can be profitably used during development, as a means that facilitates such coding practice.

A Lightweight Security Analyzer inside GCC / Pozza, Davide; Sisto, Riccardo. - STAMPA. - (2008), pp. 851-858. (Intervento presentato al convegno ARES 2008 - 3rd Int. Conf. on Availability, Reliability and Security tenutosi a Barcelona, Spain nel Marzo 2008) [10.1109/ARES.2008.26].

A Lightweight Security Analyzer inside GCC

POZZA, DAVIDE;SISTO, Riccardo
2008

Abstract

This paper describes the design and implementation of a lightweight static security analyzer that exploits the compilation process of the gcc compiler. The tool is aimed at giving to programmers useful and precise hints for improving the security of the developed software, while also detecting format string vulnerabilities, buffer overflows, and subtle vulnerabilities due to incorrect arithmetic and conversion on integers. The experimented technique is a combination of the taint analysis concept and of a value range propagation algorithm. The experimental results obtained by analyzing some real-world security critical programs show that the tool is only slightly heavier than pure compilation, and that it is able to detect known vulnerabilities, as well as unknown ones. Moreover, even if false positives are given, many of the warnings that do not correspond to vulnerabilities are indeed instances of unsafe programming practices, which can be avoided by applying a defensive programming style. Then, the tool can be profitably used during development, as a means that facilitates such coding practice.
2008
9780769531021
File in questo prodotto:
Non ci sono file associati a questo prodotto.
Pubblicazioni consigliate

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11583/1837589
 Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo