A Lightweight Security Analyzer inside GCC

This paper describes the design and implementation of a lightweight static security analyzer that exploits the compilation process of the gcc compiler. The tool is aimed at giving to programmers useful and precise hints for improving the security of the developed software, while also detecting format string vulnerabilities, buffer overflows, and subtle vulnerabilities due to incorrect arithmetic and conversion on integers. The experimented technique is a combination of the taint analysis concept and of a value range propagation algorithm. The experimental results obtained by analyzing some real-world security critical programs show that the tool is only slightly heavier than pure compilation, and that it is able to detect known vulnerabilities, as well as unknown ones. Moreover, even if false positives are given, many of the warnings that do not correspond to vulnerabilities are indeed instances of unsafe programming practices, which can be avoided by applying a defensive programming style. Then, the tool can be profitably used during development, as a means that facilitates such coding practice.

[1]  Lars Ole Andersen,et al.  Program Analysis and Specialization for the C Programming Language , 2005 .

[2]  David A. Wagner,et al.  This copyright notice must be included in the reproduced paper. USENIX acknowledges all trademarks herein. Detecting Format String Vulnerabilities with Type Qualifiers , 2001 .

[3]  M. Weber,et al.  A case study in detecting software security vulnerabilities using constraint optimization , 2001, Proceedings First IEEE International Workshop on Source Code Analysis and Manipulation.

[4]  Brian Chess,et al.  Improving computer security using extended static checking , 2002, Proceedings 2002 IEEE Symposium on Security and Privacy.

[5]  Christopher Krügel,et al.  Pixy: a static analysis tool for detecting Web application vulnerabilities , 2006, 2006 IEEE Symposium on Security and Privacy (S&P'06).

[6]  Tadayoshi Kohno,et al.  Token-based scanning of source code for security problems , 2002, TSEC.

[7]  Dawson R. Engler,et al.  ARCHER: using symbolic, path-sensitive analysis to detect memory access errors , 2003, ESEC/FSE-11.

[8]  Gerard J. Holzmann,et al.  UNO: Static Source Code Checking for User-Defined Properties 1 , 2002 .

[9]  Jason R. C. Patterson,et al.  Accurate static branch prediction by value range propagation , 1995, PLDI '95.

[10]  Daniel Kroening,et al.  A Tool for Checking ANSI-C Programs , 2004, TACAS.

[11]  Dawson R. Engler,et al.  Using programmer-written compiler extensions to catch security holes , 2002, Proceedings 2002 IEEE Symposium on Security and Privacy.

[12]  Michael Rodeh,et al.  CSSV: towards a realistic tool for statically detecting all buffer overflows in C , 2003, PLDI '03.

[13]  Dawson R. Engler,et al.  A system and language for building system-specific, static analyses , 2002, PLDI '02.

[14]  David Evans,et al.  Improving Security Using Extensible Lightweight Static Analysis , 2002, IEEE Softw..

[15]  Richard Lippmann,et al.  Testing static analysis tools using exploitable buffer overflows from open source code , 2004, SIGSOFT '04/FSE-12.

[16]  Jonathan D. Pincus,et al.  Beyond stack smashing: recent advances in exploiting buffer overruns , 2004, IEEE Security & Privacy Magazine.

[17]  Ken Kennedy,et al.  Interprocedural constant propagation , 1986, SIGP.

[18]  Kyung-Suk Lhee,et al.  Buffer overflow and format string overflow vulnerabilities , 2003, Softw. Pract. Exp..