TY - GEN
T1 - Detection of security vulnerabilities induced by integer errors
AU - Kissi, Salim Yahia
AU - Seladji, Yassamine
AU - Ameur-Boulifa, Rabéa
N1 - Publisher Copyright:
Copyright © 2021 by SCITEPRESS – Science and Technology Publications, Lda. All rights reserved
PY - 2021/1/1
Y1 - 2021/1/1
N2 - Sometimes computing platforms, e.g. storage device, compilers, operating systems used to execute software programs make them misbehave, this type of issues could be exploited by attackers to access sensitive data and compromise the system. This paper presents an automatable approach for detecting such security vulnerabilities due to improper execution environment. Specifically, the advocated approach targets the detection of security vulnerabilities in the software caused by memory overflows such as integer overflow. Based on analysis of the source code and by using a knowledge base gathering common execution platform issues and known restrictions, the paper proposes a framework able to infer the required assertions, without manual code annotations and rewriting, for generating logical formulas that can be used to reveal potential code weaknesses.
AB - Sometimes computing platforms, e.g. storage device, compilers, operating systems used to execute software programs make them misbehave, this type of issues could be exploited by attackers to access sensitive data and compromise the system. This paper presents an automatable approach for detecting such security vulnerabilities due to improper execution environment. Specifically, the advocated approach targets the detection of security vulnerabilities in the software caused by memory overflows such as integer overflow. Based on analysis of the source code and by using a knowledge base gathering common execution platform issues and known restrictions, the paper proposes a framework able to infer the required assertions, without manual code annotations and rewriting, for generating logical formulas that can be used to reveal potential code weaknesses.
KW - Integer Overflow
KW - Memory Errors
KW - Satisfiability Analysis
KW - Security Vulnerability
KW - Software Analysis
U2 - 10.5220/0010551301770184
DO - 10.5220/0010551301770184
M3 - Conference contribution
AN - SCOPUS:85111760860
T3 - Proceedings of the 16th International Conference on Software Technologies, ICSOFT 2021
SP - 177
EP - 184
BT - Proceedings of the 16th International Conference on Software Technologies, ICSOFT 2021
A2 - Fill, Hans-Georg
A2 - van Sinderen, Marten
A2 - Maciaszek, Leszek
A2 - Maciaszek, Leszek
PB - SciTePress
T2 - 16th International Conference on Software Technologies, ICSOFT 2021
Y2 - 6 July 2021 through 8 July 2021
ER -