Paper Info
Title
Combining Static and Dynamic Analysis for Vulnerability Detection
Abstract
In this paper, we present a hybrid approach for buffer overflow detection in C code. The approach makes use of static and dynamic analysis of the application under investigation. The static part consists in calculating taint dependency sequences (TDS) between user controlled inputs and vulnerable statements. This process is akin to program slice of interest to calculate tainted data- and control-flow path which exhibits the dependence between tainted program inputs and vulnerable statements in the code. The dynamic part consists of executing the program along TDSs to trigger the vulnerability by generating suitable inputs. We use genetic algorithm to generate inputs. We propose a fitness function that approximates the program behavior (control flow) based on the frequencies of the statements along TDSs. This runtime aspect makes the approach faster and accurate. We provide experimental results on the Verisec benchmark to validate our approach.
Year
Venue
Field
2013
CoRR
Program slicing,Program behavior,Computer science,Computer security,Control flow,Fitness function,Genetic algorithm,Buffer overflow,Vulnerability,Vulnerability detection
DocType
Volume
Citations 
Journal
abs/1305.3883
2
PageRank 
References 
Authors
0.38
15
4
Name
Order
Citations
PageRank
Sanjay Rawat114610.59
Dumitru Ceara2141.14
Laurent Mounier3118779.54
Marie-Laure Potet419021.34