Merlin

Author: Andrea J. Paul-Bonham

DOI: 10.1145/1542476.1542485

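Abstract: The last several years have seen a proliferation of static and runtime analysis tools for finding security violations that are caused by explicit information flow in programs. Much of this interest has been caused by the increase in the number of vulnerabilities such as cross-site scripting and SQL injection. In fact, these explicit information flow vulnerabilities commonly found in Web applications now outnumber vulnerabilities such as buffer overruns common in type-unsafe languages such as C and C++. Tools checking for these vulnerabilities require a specification to operate. In most cases the task of providing such a specification is delegated to the user. Moreover, the efficacy of these tools is only as good as the specification. Unfortunately, writing a comprehensive specification presents a major challenge: parts of the specification are easy to miss, leading to missed vulnerabilities; similarly, incorrect specifications may lead to false positives. This paper proposes Merlin, a new approach for automatically inferring explicit information flow specifications from program code. Such specifications greatly reduce manual labor and enhance the quality of results, while using tools that check for security violations caused by explicit information flow. Beginning with a data propagation graph, which represents interprocedural flow of information in the program, Merlin aims to automatically infer an information flow specification. Merlin models information flow paths in the propagation graph using probabilistic constraints. A naive modeling requires an exponential number of constraints, one per path in the propagation graph. For scalability, we approximate these path constraints using constraints on chosen triples of nodes, resulting in a cubic number of constraints. We characterize this approximation as a probabilistic abstraction, using the theory of probabilistic refinement developed by McIver and Morgan. We solve the resulting system of probabilistic constraints using factor graphs, which are a well-known structure for performing probabilistic inference. We experimentally validate the Merlin approach by applying it to 10 large business-critical Web applications that have been analyzed with CAT.NET, a state-of-the-art static analysis tool for .NET. We find a total of 167 new confirmed specifications, which result in a total of 322 additional vulnerabilities across the 10 benchmarks. More accurate specifications also reduce the false positive rate: in our experiments, Merlin-inferred specifications result in 13 false positives being removed; this constitutes a 15% reduction in the CAT.NET false positive rate. The final false positive rate for CAT.NET after applying Merlin in our experiments drops to under 1%.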

References (34)
Alex Aiken, Yichen Xie. Static detection of security vulnerabilities in scripting languages. USENIX Security Symposium, pp. 13- (2006).
Andy Chou, Dawson R. Engler, David Yu Chen. Bugs as Inconsistent Behavior: A General Approach to Inferring Errors in Systems Code. Symposium on Operating Systems Principles, pp. 57-72 (2001).
V. Benjamin Livshits, Monica S. Lam. Finding security vulnerabilities in Java applications with static analysis. USENIX Security Symposium, pp. 18-18 (2005).
Anh Nguyen-Tuong, Salvatore Guarnieri, Doug Greene, Jeff Shirley, David Evans. Automatically Hardening Web Applications Using Precise Tainting. Information Security Conference, pp. 295-307 (2004). DOI: 10.1007/0-387-25660-1_20
Claire Le Goues, Westley Weimer. Specification Mining with Few False Positives. Tools and Algorithms for Construction and Analysis of Systems, pp. 292-306 (2009). DOI: 10.1007/978-3-642-00768-2_26
Lin Tan, Weiwei Xiong, Yuanyuan Zhou, Xiaolan Zhang, Xiao Ma. AutoISES: automatically inferring security specifications and detecting violations. USENIX Security Symposium, pp. 379-394 (2008).
Ted Kremenek, Paul Twohey, Andrew Ng, Godmar Back, Dawson Engler. From uncertainty to belief: inferring the specification within. Operating Systems Design and Implementation, pp. 161-176 (2006). DOI: 10.5555/1298455.1298471
Yao-Wen Huang, Fang Yu, Christian Hang, Chung-Hung Tsai, Der-Tsai Lee, Sy-Yen Kuo. Securing web application code by static analysis and runtime protection. Proceedings of the 13th conference on World Wide Web - WWW '04, pp. 40-52 (2004). DOI: 10.1145/988672.988679
Jonathan S. Yedidia, Yair Weiss, William T. Freeman. Understanding belief propagation and its generalizations. Exploring Artificial Intelligence in the New Millennium, pp. 239-269 (2003).