Using testing techniques for vulnerability detection in C programs

Amel Mammar; Ana Cavalli; Willy Jimenez; Wissam Mallouli; Edgardo Montes De Oca

doi:10.1007/978-3-642-24580-0_7

Using testing techniques for vulnerability detection in C programs

Amel Mammar
, Ana Cavalli
, Willy Jimenez
, Wissam Mallouli
, Edgardo Montes De Oca

CNRS UMR 5157 SAMOVAR
Montimage

Résultats de recherche: Le chapitre dans un livre, un rapport, une anthologie ou une collection › Contribution à une conférence › Revue par des pairs

Résumé

This paper presents a technique for vulnerability detection in C programs. It is based on a vulnerability formal model called "Vulnerability Detection Conditions" (VDCs). This model is used together with passive testing techniques for the automatic detection of vulnerabilities. The proposed technique has been implemented in a dynamic code analysis tool, TestInv-Code, which detects the presence of vulnerabilities on a given code, by checking dynamically the VDCs on the execution traces of the given program. The tool has been applied to several C applications containing some well known vulnerabilities to illustrate its effectiveness. It has also been compared with existing tools in the market, showing promising performances.

langue originale	Anglais
titre	Testing Software and Systems - 23rd IFIP WG 6.1 International Conference, ICTSS 2011, Proceedings
Editeur	Springer Verlag
Pages	80-96
Nombre de pages	17
ISBN (imprimé)	9783642245794
Les DOIs	https://doi.org/10.1007/978-3-642-24580-0_7
état	Publié - 1 janv. 2011
Evénement	23rd IFIP WG 6.1 International Conference on Testing Software and Systems, ICTSS 2011 - Paris, France Durée: 7 nov. 2011 → 10 nov. 2011

Série de publications

Nom	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	7019 LNCS
ISSN (imprimé)	0302-9743
ISSN (Electronique)	1611-3349

Une conférence

Une conférence	23rd IFIP WG 6.1 International Conference on Testing Software and Systems, ICTSS 2011
Pays/Territoire	France
La ville	Paris
période	7/11/11 → 10/11/11

Accès au document

10.1007/978-3-642-24580-0_7

Autres fichiers et liens

Lien vers la publication dans Scopus

Contient cette citation

Mammar, A., Cavalli, A., Jimenez, W., Mallouli, W., & De Oca, E. M. (2011). Using testing techniques for vulnerability detection in C programs. Dans Testing Software and Systems - 23rd IFIP WG 6.1 International Conference, ICTSS 2011, Proceedings (p. 80-96). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol 7019 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-642-24580-0_7

Mammar, Amel ; Cavalli, Ana ; Jimenez, Willy et al. / Using testing techniques for vulnerability detection in C programs. Testing Software and Systems - 23rd IFIP WG 6.1 International Conference, ICTSS 2011, Proceedings. Springer Verlag, 2011. p. 80-96 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{a242479ba46e42dc862b866117e78c97,

title = "Using testing techniques for vulnerability detection in C programs",

abstract = "This paper presents a technique for vulnerability detection in C programs. It is based on a vulnerability formal model called {"}Vulnerability Detection Conditions{"} (VDCs). This model is used together with passive testing techniques for the automatic detection of vulnerabilities. The proposed technique has been implemented in a dynamic code analysis tool, TestInv-Code, which detects the presence of vulnerabilities on a given code, by checking dynamically the VDCs on the execution traces of the given program. The tool has been applied to several C applications containing some well known vulnerabilities to illustrate its effectiveness. It has also been compared with existing tools in the market, showing promising performances.",

keywords = "Dynamic Code Analysis, Passive Testing, Vulnerabilities Detection",

author = "Amel Mammar and Ana Cavalli and Willy Jimenez and Wissam Mallouli and \{De Oca\}, \{Edgardo Montes\}",

year = "2011",

month = jan,

day = "1",

doi = "10.1007/978-3-642-24580-0\_7",

language = "English",

isbn = "9783642245794",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "80--96",

booktitle = "Testing Software and Systems - 23rd IFIP WG 6.1 International Conference, ICTSS 2011, Proceedings",

note = "23rd IFIP WG 6.1 International Conference on Testing Software and Systems, ICTSS 2011 ; Conference date: 07-11-2011 Through 10-11-2011",

}

Mammar, A, Cavalli, A, Jimenez, W, Mallouli, W & De Oca, EM 2011, Using testing techniques for vulnerability detection in C programs. Dans Testing Software and Systems - 23rd IFIP WG 6.1 International Conference, ICTSS 2011, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), VOL. 7019 LNCS, Springer Verlag, p. 80-96, 23rd IFIP WG 6.1 International Conference on Testing Software and Systems, ICTSS 2011, Paris, France, 7/11/11. https://doi.org/10.1007/978-3-642-24580-0_7

Using testing techniques for vulnerability detection in C programs. / Mammar, Amel; Cavalli, Ana; Jimenez, Willy et al.
Testing Software and Systems - 23rd IFIP WG 6.1 International Conference, ICTSS 2011, Proceedings. Springer Verlag, 2011. p. 80-96 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol 7019 LNCS).

Résultats de recherche: Le chapitre dans un livre, un rapport, une anthologie ou une collection › Contribution à une conférence › Revue par des pairs

TY - GEN

T1 - Using testing techniques for vulnerability detection in C programs

AU - Mammar, Amel

AU - Cavalli, Ana

AU - Jimenez, Willy

AU - Mallouli, Wissam

AU - De Oca, Edgardo Montes

PY - 2011/1/1

Y1 - 2011/1/1

N2 - This paper presents a technique for vulnerability detection in C programs. It is based on a vulnerability formal model called "Vulnerability Detection Conditions" (VDCs). This model is used together with passive testing techniques for the automatic detection of vulnerabilities. The proposed technique has been implemented in a dynamic code analysis tool, TestInv-Code, which detects the presence of vulnerabilities on a given code, by checking dynamically the VDCs on the execution traces of the given program. The tool has been applied to several C applications containing some well known vulnerabilities to illustrate its effectiveness. It has also been compared with existing tools in the market, showing promising performances.

AB - This paper presents a technique for vulnerability detection in C programs. It is based on a vulnerability formal model called "Vulnerability Detection Conditions" (VDCs). This model is used together with passive testing techniques for the automatic detection of vulnerabilities. The proposed technique has been implemented in a dynamic code analysis tool, TestInv-Code, which detects the presence of vulnerabilities on a given code, by checking dynamically the VDCs on the execution traces of the given program. The tool has been applied to several C applications containing some well known vulnerabilities to illustrate its effectiveness. It has also been compared with existing tools in the market, showing promising performances.

KW - Dynamic Code Analysis

KW - Passive Testing

KW - Vulnerabilities Detection

UR - https://www.scopus.com/pages/publications/81255214514

U2 - 10.1007/978-3-642-24580-0_7

DO - 10.1007/978-3-642-24580-0_7

M3 - Conference contribution

AN - SCOPUS:81255214514

SN - 9783642245794

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 80

EP - 96

BT - Testing Software and Systems - 23rd IFIP WG 6.1 International Conference, ICTSS 2011, Proceedings

PB - Springer Verlag

T2 - 23rd IFIP WG 6.1 International Conference on Testing Software and Systems, ICTSS 2011

Y2 - 7 November 2011 through 10 November 2011

ER -

Mammar A, Cavalli A, Jimenez W, Mallouli W, De Oca EM. Using testing techniques for vulnerability detection in C programs. Dans Testing Software and Systems - 23rd IFIP WG 6.1 International Conference, ICTSS 2011, Proceedings. Springer Verlag. 2011. p. 80-96. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-642-24580-0_7

Using testing techniques for vulnerability detection in C programs

Résumé

Série de publications

Une conférence

Accès au document

Autres fichiers et liens

Empreinte digitale

Contient cette citation