String Analysis for Vulnerability Detection and Repair
نویسنده
چکیده
String manipulation errors in input validation and sanitization code are a common source for security vulnerabilities in web applications. This short survey summarizes the string analysis techniques we developed that can automatically identify and repair such vulnerabilities. Our approach (1) extracts clientand server-side input validation and sanitization functions, (2) models them as deterministic finite automata (DFA) using symbolic fixpoint computations, and (3) identifies errors in input validation and sanitization code by either checking them with respect to manually specified attack patterns, or by identifying inconsistencies in input validation and sanitization operations at the client and server-side. Furthermore, we developed automated repair techniques that strengthen the input validation and sanitization checks in order to eliminate identified vulnerabilities. We implemented these techniques in two tools: Stranger (STRing AutomatoN GEneratoR) and SemRep (SEMantic differential REPair), which are available at: http://www.cs.ucsb.edu/~vlab/tools.html. Our experimental evaluation demonstrates that these techniques are very promising: when applied to a set of real-world web applications, our techniques are able to automatically identify a large number of security vulnerabilities and repair them.
منابع مشابه
Measuring the Effect of Code Complexity on Static Analysis Results
To understand the effect of code complexity on static analysis, thirty-five format string vulnerabilities were selected from the National Vulnerability Database. We analyzed two sets of code for each vulnerability. The first set of code contained the vulnerability, while the second was a later version of the code in which the vulnerability had been fixed. We examined the effect of both code com...
متن کاملIdea: Measuring the Effect of Code Complexity on Static Analysis Results
To understand the effect of code complexity on static analysis, thirty-five format string vulnerabilities were studied. We analyzed two code samples for each vulnerability, one containing the vulnerability and one in which the vulnerability was fixed. We examined the effect of code complexity on the quality of static analysis results, including successful detection and false positive rates. Sta...
متن کاملAutomata-based symbolic string analysis for vulnerability detection
Verifying string manipulating programs is a crucial problem in computer security. String operations are used extensively within web applications to manipulate user input, and their erroneous use is the most common cause of security vulnerabilities in web applications. We present an automata-based approach for symbolic analysis of string manipulating programs. We use deterministic finite automat...
متن کاملStatic Techniques for Vulnerability Detection
Software vulnerabilities provide a way to an attacker as vulnerabilities are the well-known and well understood flaws by the carelessness of developer of the software. For example buffer overflow and format string vulnerabilities are most common and well known class of vulnerabilities. In order to identify these vulnerabilities a comprehensive analysis is required to develop some standard solut...
متن کامل