Applying Dataflow Analysis to Detecting Software Vulnerability
In this paper, we propose a software vulnerability checker which takes rules describing vulnerability patterns and a source program as input and detects locations and paths of the patterns in the program. Simple and flow patterns for vulnerabilities are described as rules in the specification langua...
Main authors: | Hyunha Kim, Tae-Hyoung Choi, Seung-Cheol Jung, Hyoung-Cheol Kim, Oukseh Lee, Kyung-Goo Doh |
---|---|
Format: | Conference proceeding |
Language: | eng |
Keywords: | |
Online access: | Order full text |
container_end_page | 258 |
---|---|
container_issue | |
container_start_page | 255 |
container_title | |
container_volume | 1 |
creator | Hyunha Kim ; Tae-Hyoung Choi ; Seung-Cheol Jung ; Hyoung-Cheol Kim ; Oukseh Lee ; Kyung-Goo Doh |
description | In this paper, we propose a software vulnerability checker which takes rules describing vulnerability patterns and a source program as input and detects locations and paths of the patterns in the program. Simple and flow patterns for vulnerabilities are described as rules in the specification language we designed. The lightweight control and data flow analysis is necessary to detect flow patterns. Newly discovered vulnerability patterns can easily be added to the existing rules. We implement the detector in three parts: a pattern matcher which finds locations of vulnerabilities in source program, a flow graph constructor which extracts the control flow and data flow from the program, and a flow analyzer which finds program's vulnerable execution paths. |
doi_str_mv | 10.1109/ICACT.2008.4493756 |
format | Conference Proceeding |
fulltext | fulltext_linktorsrc |
identifier | ISSN: 1738-9445 |
ispartof | 2008 10th International Conference on Advanced Communication Technology, 2008, Vol.1, p.255-258 |
issn | 1738-9445 |
language | eng |
recordid | cdi_ieee_primary_4493756 |
source | IEEE Electronic Library (IEL) Conference Proceedings |
subjects | Computer science ; Data analysis ; Dataflow Analysis ; Detectors ; Engines ; Flow graphs ; Information analysis ; Pattern analysis ; Pattern matching ; Software Vulnerability ; Specification languages ; Static Analysis ; Testing |
title | Applying Dataflow Analysis to Detecting Software Vulnerability |
url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-16T03%3A15%3A00IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-ieee_6IE&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=proceeding&rft.atitle=Applying%20Dataflow%20Analysis%20to%20Detecting%20Software%20Vulnerability&rft.btitle=2008%2010th%20International%20Conference%20on%20Advanced%20Communication%20Technology&rft.au=Hyunha%20Kim&rft.date=2008-02&rft.volume=1&rft.spage=255&rft.epage=258&rft.pages=255-258&rft.issn=1738-9445&rft.isbn=8955191367&rft.isbn_list=9788955191363&rft.isbn_list=8955191359&rft.isbn_list=9788955191356&rft_id=info:doi/10.1109/ICACT.2008.4493756&rft_dat=%3Cieee_6IE%3E4493756%3C/ieee_6IE%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rft_ieee_id=4493756&rfr_iscdi=true |