Software vulnerability analysis framework based on uniform intermediate representation

Building secure software is now a dominant goal in software development. Consequently, analyzing software vulnerabilities in order to determine how they can be prevented is a central concern of computer security. This paper presents a static analysis framework based on a uniform intermediate representation to detect software vulnerabilities, and we have implemented an analysis tool called Melon on top of Microsoft Phoenix. We evaluate the effectiveness of Melon through a series of tests, and the experimental results show that it can effectively validate and analyze software vulnerabilities.
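The abstract does not describe Melon's internals, so the following is an added illustration of the general technique rather than code from the paper, Melon, or Phoenix: a forward may-taint dataflow pass over a constructed three-address intermediate representation with a control-flow graph and a worklist fixpoint, reporting every security-sensitive operation that an untrusted value can reach. The instruction forms, the sample program, the variable names and the sink name `copy_bytes` are all assumptions made for this example.

```python
"""Forward may-taint analysis over a small uniform three-address IR.

Added example: the IR, its instruction forms and the sample program are
constructed here and are not Melon's or Phoenix's representation.
"""
from collections import defaultdict
from typing import Dict, List, Set, Tuple

Instr = Tuple[str, ...]
Program = Dict[str, List[Instr]]   # basic block name -> instruction list
CFG = Dict[str, List[str]]         # basic block name -> successor names

# Instruction forms (assumed for this example):
#   ("source", dst)          dst receives untrusted input
#   ("const", dst)           dst = literal (never tainted)
#   ("assign", dst, src)     dst = src
#   ("binop", dst, a, b)     dst = a <op> b
#   ("sanitize", dst, src)   dst = validated copy of src (taint is removed)
#   ("sink", name, var)      var is passed to a security-sensitive operation


def transfer(taint: Set[str], ins: Instr) -> Set[str]:
    """Gen/kill transfer function: tainted-variable set after one instruction."""
    out = set(taint)
    kind = ins[0]
    if kind == "source":
        out.add(ins[1])
    elif kind in ("const", "sanitize"):
        out.discard(ins[1])            # definition produces a clean value
    elif kind == "assign":
        out.discard(ins[1])
        if ins[2] in taint:            # test the *incoming* state: handles x = x
            out.add(ins[1])
    elif kind == "binop":
        out.discard(ins[1])
        if ins[2] in taint or ins[3] in taint:
            out.add(ins[1])
    elif kind != "sink":               # sinks only read their operand
        raise ValueError(f"unknown instruction kind {kind!r}")
    return out


def analyze(program: Program, cfg: CFG, entry: str) -> Dict[str, Set[str]]:
    """Worklist fixpoint; returns the tainted set at the entry of each block.

    The join at a block is set union (a *may* analysis), so a variable that is
    tainted on any incoming path is reported as tainted. Transfer is monotone,
    so the iteration terminates even when the CFG contains loops.
    """
    preds: Dict[str, List[str]] = defaultdict(list)
    for block, succs in cfg.items():
        for succ in succs:
            preds[succ].append(block)
    in_sets: Dict[str, Set[str]] = {b: set() for b in program}
    out_sets: Dict[str, Set[str]] = {b: set() for b in program}
    work = [entry]
    while work:
        block = work.pop(0)
        in_b = set().union(*(out_sets[p] for p in preds[block]))
        state = set(in_b)
        for ins in program[block]:
            state = transfer(state, ins)
        if in_b != in_sets[block] or state != out_sets[block]:
            in_sets[block], out_sets[block] = in_b, state
            work.extend(cfg.get(block, []))
    return in_sets


def find_tainted_sinks(program: Program, cfg: CFG,
                       entry: str) -> List[Tuple[str, int, str, str]]:
    """Report (block, instruction index, sink name, variable) for every sink
    reached by a possibly tainted operand."""
    in_sets = analyze(program, cfg, entry)
    findings = []
    for block, instrs in program.items():
        state = set(in_sets[block])
        for idx, ins in enumerate(instrs):
            if ins[0] == "sink" and ins[2] in state:
                findings.append((block, idx, ins[1], ins[2]))
            state = transfer(state, ins)
    return findings


# Constructed sample program: one path validates the untrusted length before
# use, the other path forwards it unchanged, and both paths meet at "join".
SAMPLE_PROGRAM: Program = {
    "entry": [("source", "req"), ("const", "limit")],
    "guard": [("sanitize", "n", "req"), ("sink", "copy_bytes", "n")],
    "fast":  [("binop", "n", "req", "limit")],
    "join":  [("sink", "copy_bytes", "n"), ("sink", "copy_bytes", "limit")],
}
SAMPLE_CFG: CFG = {"entry": ["guard", "fast"], "guard": ["join"],
                   "fast": ["join"], "join": []}

if __name__ == "__main__":
    for block, idx, sink, var in find_tainted_sinks(SAMPLE_PROGRAM, SAMPLE_CFG, "entry"):
        print(f"{block}[{idx}]: untrusted {var!r} reaches sink {sink!r}")
```

The sink inside `guard` is not reported because the sanitized definition kills the taint on that path, while the sink at `join` is reported because the unvalidated `fast` path merges into it; this path-insensitive over-approximation is the usual trade-off that keeps such an analysis sound at the cost of some false positives.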
