Pattern Matching Security Properties of Code using Dependence Graphs
2005 (English) Conference paper (Other academic)
In recent years, researchers have presented several tools for statically checking security properties of C code. But they all (currently) focus on one or two categories of security properties each. We have proposed dependence graphs decorated with type-cast and range information as a more generic formalism, allowing both for visual communication with the programmer and for static analysis that checks several security properties at once. Our prototype tool GraphMatch currently checks code for input validation flaws. But several research questions are still open. Most importantly, we need to address the complexity of our algorithm for pattern matching graphs, the accuracy of our security models, and the generality of our formalism. Other questions regard the impact of security property visualization and heuristics for ranking the potential flaws found.
Keywords: Security properties; dependence graphs; static analysis
Identifiers: URN: urn:nbn:se:liu:diva-90028; OAI: oai:DiVA.org:liu-90028; DiVA: diva2:611276
1st International Workshop on Code Based Software Security Assessments (CoBaSSA 2005), Pittsburgh, Pennsylvania, USA, November 7, 2005