Copyright Notice:
The publication copies distributed in this site are
provided to ensure timely dissemination of scholarly and technical
work. Copyright and all rights therein are retained by authors or by
other copyright holders (as explicitly indicated). All persons copying
this information are expected to adhere
to the terms and constraints invoked by each copyright. In
most cases, these works may not be reposted without the explicit
permission of the copyright holder.
Davide Pozza, Riccardo Sisto,
A Lightweight Security Analyzer inside GCC,
in ARES 2008 - 3rd Int. Conf. on Availability, Reliability and Security, Barcelona, Spain, March 2008, IEEE, pp. 851-858.
©2008 IEEE
doi: 10.1109/ARES.2008.26
Abstract
This paper describes the design and implementation of a lightweight static security analyzer that exploits the compilation
process of the gcc compiler. The tool is aimed at giving programmers useful and precise hints for improving the security
of the software they develop, while also detecting format string vulnerabilities, buffer overflows, and subtle vulnerabilities
due to incorrect arithmetic and conversions on integers. The technique experimented with is a combination of the taint analysis
concept and a value range propagation algorithm. The experimental results obtained by analyzing some real-world security-critical
programs show that the tool is only slightly heavier than pure compilation, and that it is able to detect known vulnerabilities
as well as unknown ones. Moreover, even though false positives are reported, many of the warnings that do not correspond to
vulnerabilities are indeed instances of unsafe programming practices, which can be avoided by applying a defensive programming
style. The tool can therefore be profitably used during development, as a means of facilitating such coding practice.
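The abstract names two of the bug classes the analyzer targets, a tainted integer that is converted and then used as a copy length, and a tainted string used directly as a format. The C program below is an added illustration and is not code from the paper or output of its tool: it puts the unsafe comparison beside the defensive form the abstract recommends, shows what an implicit int-to-size_t conversion does to the value an analyzer would propagate, and shows the constant-format fix for the format string case. BUF_SIZE, the function names and the sample inputs are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 64   /* assumed destination size for this example */

/* Length check as it is often written: both operands are int, so a negative,
   attacker-controlled length passes. When that value later reaches memcpy it
   is converted to size_t and becomes enormous. This is the "incorrect
   conversion on integers" pattern that leads to a buffer overflow. */
static int length_ok_naive(int n)
{
    return n < BUF_SIZE;
}

/* Defensive form: reject negatives explicitly before any conversion, and
   leave room for the terminating NUL. After this check the range of n is
   [0, BUF_SIZE-1], which a value-range-aware analyzer can verify. */
static int length_ok_checked(int n)
{
    return n >= 0 && (size_t)n < BUF_SIZE;
}

/* What the implicit conversion does to the value: an int in [-1, 63]
   becomes a size_t in {0..63} together with SIZE_MAX. Range propagation
   across this conversion is what lets the upper bound be compared with
   the buffer size. */
static size_t as_size_t(int n)
{
    return (size_t)n;
}

/* Copy n bytes of a tainted field into a fixed buffer. Returns the number
   of bytes copied, or -1 if n is out of range. The check is done on the
   signed value, so the cast inside memcpy can never wrap. */
static int copy_field(char *dst, const char *src, int n)
{
    if (!length_ok_checked(n))
        return -1;
    memcpy(dst, src, (size_t)n);
    dst[n] = '\0';
    return n;
}

/* Format string: printf(user) lets user-supplied "%x" or "%n" directives
   drive the formatter. Passing the data as an argument to a constant format
   is the fix; the directives are then copied as plain text. Returns the
   length snprintf reports. */
static int log_tainted(char *out, size_t cap, const char *user)
{
    return snprintf(out, cap, "%s", user);
}

int main(void)
{
    char buf[BUF_SIZE];
    const char *payload = "AAAAAAAA";   /* constructed sample input */

    printf("naive check,   n=-1: %d\n", length_ok_naive(-1));
    printf("checked,       n=-1: %d\n", length_ok_checked(-1));
    printf("(size_t)-1 == SIZE_MAX: %d\n", as_size_t(-1) == SIZE_MAX);
    printf("copy n=8:  %d\n", copy_field(buf, payload, 8));
    printf("copy n=-1: %d\n", copy_field(buf, payload, -1));
    printf("copy n=64: %d\n", copy_field(buf, payload, 64));
    log_tainted(buf, sizeof buf, "%x%x%n");   /* constructed hostile format */
    printf("logged literally: %s\n", buf);
    return 0;
}
```

Compiling the naive variants with gcc's own diagnostics (`-Wall -Wformat-security -Wsign-compare`) already flags a non-constant format and signed/unsigned comparisons; the analyzer described in the abstract goes further by tracking which values are tainted and what range they can take at the point of use.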