Industrial Experience of Finding Cryptographic Vulnerabilities in Large-scale Codebases
نویسندگان
چکیده
Enterprise environment often screens large-scale (millions of lines code) codebases with static analysis tools to find bugs and vulnerabilities. Parfait is a code tool used in Oracle security vulnerabilities industrial codebases. Recently, many studies show that there are complicated cryptographic caused by misusing APIs Java TM 1 In this paper, we describe how realize precise scalable detection these based on framework. The key challenge the high false alarm rate pseudo-influences. Pseudo-influences happen if security-irrelevant constants constructing security-critical values. Static usually unable distinguish them from hard-coded expose sensitive information. We tackle problem specializing backward dataflow refinement insights, an idea CryptoGuard [ 20 ]. evaluate our analyzer comprehensive vulnerability benchmark eleven large real-world applications. results Parfait-based detector can true-positive rates low runtime cost.
منابع مشابه
Cryptographic Design Vulnerabilities
P opular magazines often describe cryptography products in terms of algorithms and key lengths. These security techniques make good headlines. They can be explained in a few words and they’re easy to compare with one another. We’ve seen statements like “128-bit keys mean strong security, while 40-bit keys are weak” or “triple-DES is much stronger than single DES” or even “2,048-bit RSA is bette...
متن کاملFinding Bottlenecks in Large Scale Parallel Programs
This thesis addresses the problem of trying to locate the source of performance bottlenecks in large-scale parallel and distributed applications. Performance monitoring creates a dilemma: identifying a bottleneck necessitates collecting detailed information, yet collecting all this data can introduce serious data collection bottlenecks. At the same time, users are being inundated with volumes o...
متن کاملA Large Scale Study of Web Service Vulnerabilities
The pervasiveness of Web Services, compounded with seamless interoperability characteristics, introduces security concerns that are to be carefully considered with the envisioned internet architecture. In this paper, we propose a comprehensive study on Web Service vulnerabilities. We consider not only well known Web-based vulnerabilities such as SQL injection, session replay etc, but we also an...
متن کاملFinding Local Resource Exhaustion Vulnerabilities∗
Computer systems connected to the Internet are highly susceptible to hackers that can compromise the service availability through denial of service attacks, causing damage to customers and service providers. Our work focuses on using the attack injection methodology with some advanced monitoring capabilities to detect and identify local resource exhaustion vulnerabilities. It goes even further ...
متن کاملSTING: Finding Name Resolution Vulnerabilities in Programs
The process of name resolution, where names are resolved into resource references, is fundamental to computer science, but its use has resulted in several classes of vulnerabilities. These vulnerabilities are difficult for programmers to eliminate because their cause is external to the program: the adversary changes namespace bindings in the system to redirect victim programs to a resource of t...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
ژورنال
عنوان ژورنال: Digital threats
سال: 2023
ISSN: ['2692-1626', '2576-5337']
DOI: https://doi.org/10.1145/3507682