Proceedings of the Institute for System Programming of the RAS
Proceedings of the Institute for System Programming of the RAS, 2019, Volume 31, Issue 3, Pages 177–190
DOI: https://doi.org/10.15514/ISPRAS-2019-31(3)-14
(Mi tisp431)
 

This article is cited in 2 scientific papers (total in 2 papers)

Vulnerabilities detection via static taint analysis

N. V. Shimchik (a), V. N. Ignatyev (b, a)

(a) Ivannikov Institute for System Programming of the Russian Academy of Sciences
(b) Lomonosov Moscow State University
Abstract: Because modern software products contain huge amounts of code, programs always contain a variety of subtle errors or flaws that are hard to discover during everyday use or through conventional testing. Many of these errors could serve as an attack vector if a remote user could exploit them by manipulating program input. This paper presents an approach for automatic detection of security vulnerabilities using interprocedural static taint analysis. The goal of this study is to develop a taint-analysis infrastructure that is applicable to detecting vulnerabilities in C and C++ programs and is extensible with separate detectors. The tool is based on the Interprocedural Finite Distributive Subset (IFDS) algorithm and performs interprocedural, context-sensitive, path-insensitive analysis of programs represented in LLVM form. According to our research, pure taint analysis cannot achieve good results, so in addition to several enhancements of existing techniques we propose to supplement it with an additional analysis stage based on static symbolic execution, which is path-sensitive and takes memory region sizes into account in order to filter the results found by the first stage. The results were evaluated on the Juliet Test Suite and on open-source projects with publicly known vulnerabilities from the CVE database.
Keywords: static code analysis, taint analysis, vulnerabilities.
Document Type: Article
Language: English
Citation: N. V. Shimchik, V. N. Ignatyev, “Vulnerabilities detection via static taint analysis”, Proceedings of ISP RAS, 31:3 (2019), 177–190
Citation in format AMSBIB
\Bibitem{ShiIgn19}
\by N.~V.~Shimchik, V.~N.~Ignatyev
\paper Vulnerabilities detection via static taint analysis
\jour Proceedings of ISP RAS
\yr 2019
\vol 31
\issue 3
\pages 177--190
\mathnet{http://mi.mathnet.ru/tisp431}
\crossref{https://doi.org/10.15514/ISPRAS-2019-31(3)-14}
\elib{https://elibrary.ru/item.asp?id=39556541}
Linking options:
  • https://www.mathnet.ru/eng/tisp431
  • https://www.mathnet.ru/eng/tisp/v31/i3/p177