
Automatic Detection and Repair Recommendation for Missing Checks

Journal of Computer Science and Technology (English edition), 2019, No. 5 | Ling-Yun Situ, Lin-Zhang Wang, Yang Liu, Bing Mao, Xuan-Dong Li
State Key Laboratory for Novel Software Technology, Nanjing University, Nanjing 210023, China; Department of Computer Science and Technology, Nanjing University, Nanjing 210023, China; School of Computer Science and Engineering, Nanyang Technological University, Singapore 639798, Singapore
Abstract: Missing checks for untrusted inputs used in security-sensitive operations are one of the major causes of various vulnerabilities. Efficiently detecting and repairing missing checks is essential for prognosticating potential vulnerabilities and improving code reliability. We propose a systematic static analysis approach to detect missing checks for manipulable data used in security-sensitive operations of C/C++ programs and to recommend repair references. First, customized security-sensitive operations are located by lightweight static analysis. Then, the assailability of sensitive data used in security-sensitive operations is determined via taint analysis, and the existence and the risk degree of missing checks are assessed. Finally, repair references for high-risk missing checks are recommended. We implemented the approach in an automated and cross-platform tool named Vanguard based on Clang/LLVM 3.6.0. Large-scale experimental evaluation on open-source projects has shown its effectiveness and efficiency. Furthermore, Vanguard has helped us uncover five known vulnerabilities and 12 new bugs.
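The abstract describes a four-step pipeline (locate sensitive operations, decide via taint analysis whether their inputs are manipulable, assess whether a check is missing and how risky that is, recommend a repair). The following Python sketch is an added illustration of that pipeline over a toy intermediate representation; it is not Vanguard's code, and the statement format, the source/sink tables, the risk scheme and the repair templates are all assumptions made for the example.

```python
"""Toy model of the four-step pipeline in the abstract: (1) locate
security-sensitive operations, (2) decide via taint tracking whether the
data they use is manipulable, (3) report missing checks with a risk degree,
(4) recommend a repair reference. The statement format, the source/sink
tables and the risk scheme are assumptions for illustration; this is not
Vanguard's implementation."""
from dataclasses import dataclass

# Constructed tables (assumed, not taken from the paper).
REMOTE_SOURCES = {"recv"}                    # data arrives over the network
LOCAL_SOURCES = {"read", "fgets", "getenv"}  # data is manipulable, but locally
TAINT_SOURCES = REMOTE_SOURCES | LOCAL_SOURCES

# sensitive op -> (parameter that needs a check, sink severity, repair template)
SENSITIVE_OPS = {
    "memcpy":      ("length", "high",   "if ({v} > sizeof(dst)) return -1;"),
    "malloc":      ("size",   "high",   "if ({v} == 0 || {v} > MAX_ALLOC) return -1;"),
    "array_index": ("index",  "high",   "if ({v} >= ARRAY_LEN) return -1;"),
    "fopen":       ("path",   "medium", "if (!is_allowed_path({v})) return -1;"),
}


@dataclass
class Finding:
    line: int
    op: str
    var: str
    role: str
    risk: str
    repair: str


def risk_degree(sink_severity, origin):
    """Assumed scheme: high only when a high-severity sink consumes data
    that arrived from a remote source; one of the two alone is medium."""
    remote = origin in REMOTE_SOURCES
    if sink_severity == "high" and remote:
        return "high"
    if sink_severity == "high" or remote:
        return "medium"
    return "low"


def analyze(program):
    """program is a list of statements, one per line, in a toy IR:
         ("source", var, func)  var = func(...)    func may be a taint source
         ("assign", dst, src)   dst = src          taint propagates, validation does not
         ("check",  var)        if (... var ...)   var counts as validated from here on
         ("sink",   op, var)    op(..., var, ...)  op may be a sensitive operation
    Returns the missing-check findings in program order."""
    origin = {}        # var -> source function that tainted it
    checked = set()    # vars validated since their last definition
    findings = []
    for line, stmt in enumerate(program, start=1):
        kind = stmt[0]
        if kind == "source":
            _, var, func = stmt
            checked.discard(var)            # a new definition invalidates old checks
            if func in TAINT_SOURCES:
                origin[var] = func
            else:
                origin.pop(var, None)
        elif kind == "assign":
            _, dst, src = stmt
            checked.discard(dst)
            if src in origin:
                origin[dst] = origin[src]   # taint flows through the copy
            else:
                origin.pop(dst, None)
        elif kind == "check":
            checked.add(stmt[1])
        elif kind == "sink":
            _, op, var = stmt
            if op not in SENSITIVE_OPS or var not in origin or var in checked:
                continue                    # not sensitive, not manipulable, or already guarded
            role, severity, template = SENSITIVE_OPS[op]
            findings.append(Finding(line, op, var, role,
                                    risk_degree(severity, origin[var]),
                                    template.format(v=var)))
    return findings


def repair_references(findings, min_risk="high"):
    """Step 4: repair hints, restricted by default to high-risk findings."""
    order = {"low": 0, "medium": 1, "high": 2}
    return [f"line {f.line}: {f.op} uses unchecked {f.role} '{f.var}' "
            f"({f.risk} risk); insert before it: {f.repair}"
            for f in findings if order[f.risk] >= order[min_risk]]


# Constructed sample program (toy IR, not real code).
SAMPLE_PROGRAM = [
    ("source", "n", "recv"),         # 1: attacker-controlled length
    ("source", "idx", "getenv"),     # 2: manipulable, but local
    ("assign", "len", "n"),          # 3: taint flows n -> len
    ("check", "idx"),                # 4: idx validated
    ("sink", "memcpy", "len"),       # 5: missing check on a remote-tainted length
    ("sink", "array_index", "idx"),  # 6: checked, no finding
    ("source", "k", "strlen"),       # 7: not a taint source
    ("sink", "malloc", "k"),         # 8: untainted, no finding
    ("source", "path", "fgets"),     # 9: local source
    ("sink", "fopen", "path"),       # 10: medium sink + local source -> low
]

if __name__ == "__main__":
    for f in analyze(SAMPLE_PROGRAM):
        print(f)
    for ref in repair_references(analyze(SAMPLE_PROGRAM)):
        print(ref)
```

The analysis is deliberately flow-insensitive beyond a single straight-line pass: a check is remembered until the variable is redefined, and taint propagates through copies while validation does not, which is the conservative choice (a copy of a checked value is treated as unchecked). A real implementation on LLVM IR would need path sensitivity for checks inside branches and interprocedural taint propagation; the toy only models the decision structure.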
Classification: Industrial Technology > Automation Technology, Computer Technology
Keywords: static analysis; missing check; vulnerability detection; repair recommendation
Source: Journal of Computer Science and Technology (English edition), 2019, No. 5, pp. 972-992 (21 pages)
Indexed in: Chinese Science and Technology Journal Database (《中文科技期刊数据库》)