We use cookies to improve your experience with our site.

Indexed in:

SCIE, EI, Scopus, INSPEC, DBLP, CSCD, etc.

Submission System
(Author / Reviewer / Editor)
Advanced Search
Volume 34 Issue 5
August  2019
Turn off MathJax
Article Contents
Abstract
References
Related Articles
Supplements
Ling-Yun Situ, Lin-Zhang Wang, Yang Liu, Bing Mao, Xuan-Dong Li. Automatic Detection and Repair Recommendation for Missing Checks[J]. Journal of Computer Science and Technology, 2019, 34(5): 972-992. DOI: 10.1007/s11390-019-1955-3
Citation: Ling-Yun Situ, Lin-Zhang Wang, Yang Liu, Bing Mao, Xuan-Dong Li. Automatic Detection and Repair Recommendation for Missing Checks[J]. Journal of Computer Science and Technology, 2019, 34(5): 972-992. DOI: 10.1007/s11390-019-1955-3
shu

Automatic Detection and Repair Recommendation for Missing Checks

  • 1 State Key Laboratory for Novel Software Technology, Nanjing University, Nanjing 210023, China;
    2 Department of Computer Science and Technology, Nanjing University, Nanjing 210023, China;
    3 School of Computer Science and Engineering, Nanyang Technological University, Singapore 639798, Singapore

Funds: This work was supported by the National Key Research and Development Program of China under Grant No. 2017YFA0700604, and the National Natural Science Foundation of China under Grant Nos. 61632015 and 61690204, and partially supported by the Collaborative Innovation Center of Novel Software Technology and Industrialization, and Nanjing University Innovation and Creative Program for Ph.D. Candidate under Grant No. 2016014.
More Information
  • Author Bio:

    Ling-Yun Situ is a Ph.D. candidate in State Key Laboratory for Novel Software Technology, Department of Computer Science and Technology, Nanjing University, Nanjing. He received his B.S. degree in computer science from Jiangsu University, Zhenjiang, in 2011, and his M.S. degree in computer science from Guilin University of Electronic and Technology, Guilin, in 2014. His research interests include software and system security, static analysis and fuzzing.

  • Corresponding author:

    Lin-Zhang Wang E-mail: lzwang@nju.edu.cn

  • Received Date: February 25, 2019
  • Revised Date: July 21, 2019
  • Published Date: August 30, 2019
    Abstract
  • Missing checks for untrusted inputs used in security-sensitive operations is one of the major causes of various vulnerabilities. Efficiently detecting and repairing missing checks are essential for prognosticating potential vulnerabilities and improving code reliability. We propose a systematic static analysis approach to detect missing checks for manipulable data used in security-sensitive operations of C/C++ programs and recommend repair references. First, customized securitysensitive operations are located by lightweight static analysis. Then, the assailability of sensitive data used in securitysensitive operations is determined via taint analysis. And, the existence and the risk degree of missing checks are assessed. Finally, the repair references for high-risk missing checks are recommended. We implemented the approach into an automated and cross-platform tool named Vanguard based on Clang/LLVM 3.6.0. Large-scale experimental evaluation on open-source projects has shown its effectiveness and efficiency. Furthermore, Vanguard has helped us uncover five known vulnerabilities and 12 new bugs.
    • FullText(HTML)
    • References (54)
  • [1]
    Piromsopa K, Enbody R J. Survey of protections from buffer-overflow attacks. Engineering Journal, 2011, 15(2):31-52.
    [2]
    Sipser M. Introduction to the Theory of Computation (2nd edition). Course Technology, 2006.
    [3]
    Gao F, Wang L, Li X. BovInspector:Automatic inspection and repair of buffer overflow vulnerabilities. In Proc. the 31st Int. Conference on Automated Software Engineering, September 2016, pp.786-791.
    [4]
    Chen G, Jin H, Zou D, Zhou B, Liang Z, Zheng W, Shi X. SafeStack:Automatically patching stack-based buffer overflow vulnerabilities. IEEE Trans. Dependable and Secure Computing, 2013, 10(6):368-379.
    [5]
    Wang T, Wei T, Lin Z, Zou W. IntScope:Automatically detecting integer overflow vulnerability in X86 binary using symbolic execution. In Proc. the 16th Network and Distributed System Security Symposium, February 2009, Article No. 17.
    [6]
    Dietz W, Li P, Regehr J, Adve V. Understanding integer overflow in C/C++. ACM Trans. Software Engineering and Methodology, 2015, 25(1):Article No. 2.
    [7]
    Lee B, Song C, Jang Y et al. Preventing use-after-free with Dangling pointers nullification. In Proc. the 22th Annual Network and Distributed System Security Symposium, February 2015, Article No. 21.
    [8]
    Yan H, Sui Y, Chen S, Xue J. Spatio-temporal context reduction:A pointer-analysis-based static approach for detecting use-after-free vulnerabilities. In Proc. the 40th Int. Software Conference on Engineering, May 2018, pp.327-337.
    [9]
    Li M, Chen Y, Wang L, Xu G. Dynamically validating static memory leak warnings. In Proc. the 22nd Int. Symposium on Software Testing and Analysis, July 2013, pp.112-122.
    [10]
    Sui Y, Ye D, Xue J. Detecting memory leaks statically with full-sparse value-flow analysis. IEEE Trans. Software Engineering, 2014, 40(2):107-122.
    [11]
    Szekeres L, Payer M, Wei T, Dawn S. SoK:Eternal war in memory. In Proc. the 34th Int. IEEE Symposium on Security and Privacy, May 2013, pp.48-62.
    [12]
    Das A, Lal A. Precise null pointer analysis through global value numbering. In Proc. the 15th Int. Symposium on Automated Technology for Verification and Analysis, October 2017, pp.25-41.
    [13]
    Akritidis P, Costa M, Castro M, Hand S. Baggy bounds checking:An efficient and backwards-compatible defense against out-of-bounds errors. In Proc. the 18th USENIX Security Symposium, August 2009, pp.51-66.
    [14]
    Kim D, Nam J, Song J et al. Automatic patch generation learned from human-written patches. In Proc. the 35th Int. Conference on Software Engineering, May 2013, pp.802-811.
    [15]
    Li P, Cui B. A comparative study on software vulnerability static analysis techniques and tools. In Proc. the 2010 International Conference on Information Theory and Information Security, Dec. 2010, pp.521-524.
    [16]
    Wagner D A, Foster J S, Brewer E A, Aiken A. A first step towards automated detection of buffer overrun vulnerabilities. In Proc. the 7th Network and Distributed System Security Symposium, February 2000, Article No. 1.
    [17]
    Situ L, Zou L, Wang L, Liu Y, Mao B, Li X. Detecting missing checks for identifying insufficient attack protections. In Proc. the 40th Int. Conference on Software Engineering, May 2018, pp.238-239.
    [18]
    Ming J, Wu D, Xiao G, Wang J, Liu P. TaintPipe:Pipelined symbolic taint analysis. In Proc. the 24th USENIX Security Symposium, August 2015, pp.65-80.
    [19]
    Cadar C, Sen K. Symbolic execution for software testing:Three decades later. Commun. ACM, 2013, 56(2):82-90.
    [20]
    Li Y, Su Z, Wang L, Li X. Steering symbolic execution to less traveled paths. In Proc. the 2013 ACM SIGPLAN International Conference on Object Oriented Programming Systems Languages & Applications, October 2013, pp.19-32.
    [21]
    Majumdar R, Sen K. Hybrid concolic testing. In Proc. the 29th Int. Conference on Software Engineering, May 2007, pp.416-426.
    [22]
    Seo H, Kim S. How we get there:A context-guided search strategy in concolic testing. In Proc. the 22nd Int. Symposium on Foundations of Software Engineering, November 2014, pp.413-424.
    [23]
    Bérard B, Bidoit M, Finkel A, Laroussinie F, Petit A, Petrucci L, Schnoebelen P, McKenzie P. Systems and Software Verification:Model-Checking Techniques and Tools. Springer, 2001.
    [24]
    Situ L, Zhao L. CSP bounded model checking of preprocessed CTL extended with events using answer set programming. In Proc. the 2015 Asia-Pacific Software Engineering Conference, December 2015, pp.16-23.
    [25]
    Sutton M, Greene A, Amini P. Fuzzing:Brute Force Vulnerability Discovery (1st edition). Addison-Wesley Professional, 2007.
    [26]
    Stephens N, Grosen J, Salls C et al. Driller:Augmenting fuzzing through selective symbolic execution. In Proc. the 23rd Annual Network and Distributed System Security Symposium, February 2016, Article No. 28.
    [27]
    Yamaguchi F, Wressnegger C, Gascon H et al. Chucky:Exposing missing checks in source code for vulnerability discovery. In Proc. the 2013 ACM SIGSAC Conference on Computer & Communications Security, November 2013, pp.499-510.
    [28]
    Son S, McKinley K S, Shmatikov V. RoleCast:Finding missing security checks when you do not know what checks are. In Proc. the 26th Annual ACM SIGPLAN Conference on Object-Oriented Programming, Systems, October 2011, pp.1069-1084.
    [29]
    Lattner C. LLVM and Clang:Next generation compiler technology. https://clvm.org, July 2019.
    [30]
    Ryder B G. Constructing the call graph of a program. IEEE Trans. Software Engineering, 1979, 5(3):216-226.
    [31]
    Stanier J, Watson D. Intermediate representations in imperative compilers:A survey. ACM Computing Surveys, 2013, 45(3):Article No. 26.
    [32]
    Pendleton M, Garcia-Lebron R, Cho J H, Xu S. A survey on systems security metrics. ACM Computing Surveys, 2017, 49(4):Article No. 62.
    [33]
    Gao F, Chen T, Wang Y, Situ L, Wang L, Li X. Carraybound:Static array bounds checking in C programs based on taint analysis. In Proc. the 8th Int. Asia-Pacific Symposium on Internetware, September 2016, pp.81-90.
    [34]
    Ceara D, Potet M L, Ensimag G I, Mounier, L. Detecting software vulnerabilities-static taint analysis. https://docplayer.net/18105375-Detecting-software-vulnerabilities-static-taint-analysis.html, July 2019.
    [35]
    Lalande J F, Heydemann K, Berthomé P. Software countermeasures for control flow integrity of smart card C codes. In Proc. the 19th European Symposium on Research in Computer Security, Sept. 2014, pp.200-2018.
    [36]
    Kang M G, McCamant S, Poosankam P, Dawn S. DTA++:Dynamic taint analysis with targeted control-flow propagation. In Proc. the 18th Network and Distributed System Security Symposium, February 2011, Article No. 15.
    [37]
    Li L, Bartel A, Klein J, Traon Y L, Arzt S, Rasthofer S, Bodden E, Octeau D, Mcdaniel P. I know what leaked in your pocket:Uncovering privacy leaks on Android Apps with static taint analysis. arXiv:1404.7431, 2014. https://arxiv.org/pdf/1404.7431.pdf, June 2019.
    [38]
    Schwartz E J, Avgerinos T, Brumley D. All you ever wanted to know about dynamic taint analysis and forward symbolic execution (but might have been afraid to ask). In Proc. the 31st IEEE Symposium on Security and Privacy, May 2010, pp.317-331.
    [39]
    Clause J, Li W, Orso A. Dytan:A generic dynamic taint analysis framework. In Proc. the 16th ACM/SIGSOFT Int. Symposium on Software Testing and Analysis, July 2007, pp.196-206.
    [40]
    Jovanovic N, Krüegel C, Kirda E. Pixy:A static analysis tool for detecting Web application vulnerabilities (Short Paper). In Proc. the 27th IEEE Symposium on Security and Privacy, May 2006, pp.258-263.
    [41]
    Chang R, Jiang G, Ivancic F, Sankaranarayanan S, Shmatikov V. Inputs of coma:Static detection of denial-ofservice vulnerabilities. In Proc. the 22nd IEEE Computer Security Foundations Symposium, July 2009, pp.186-199.
    [42]
    Kremenek T, Engler D. Z-Ranking:Using statistical analysis to counter the impact of static analysis approximations. In Proc. the 10th Int. Symposium on Static Analysis, June 2003, pp.295-315.
    [43]
    Kim S, Ernst M D. Prioritizing warning categories by analyzing software history. In Proc. the 4th Workshop on Mining Software Repositories, May 2007, pp.27-31.
    [44]
    Ha J, Rossbach C J, Davis J V, Roy I, Ramadan H E, Porter D E, Chen D L, Witchel E. Improved error reporting for software that uses black-box components. In Proc. the 2007 ACM SIGPLAN Conference on Programming Language Design and Implementation, June 2007, pp.101-111.
    [45]
    Situ L, Wang L, Liu Y, Mao B, Li X. Vanguard:Detecting missing checks for prognosing potential vulnerabilities. In Proc. the 10th Asia-Pacific Symposium on Internetware, September 2018, Article No. 5.
    [46]
    Goues L C, Nguyen T V, Forrest S et al. GenProg:A generic method for automatic software repair. IEEE Trans. Software Engineering, May 2011, 38(1):54-72.
    [47]
    Qi Y, Mao X, Lei Y, Dai Z, Wang C. The strength of random search on automated program repair. In Proc. the 36th Int. Conference on Software Engineering, May 2014, pp.254-265.
    [48]
    Xiong Y, Wang J, Yan R, Zhang J, Han S, Huang G, Zhang L. Precise condition synthesis for program repair. In Proc. the 39th Int. Conference on Software Engineering, May 2017, pp.416-426.
    [49]
    Tan S H, Roychoudhury A. Relifix:Automated repair of software regressions. In Proc. the 37th IEEE/ACM International Conference on Software Engineering, May 2015, pp.471-482.
    [50]
    Nguyen H D T, Qi D, Roychoudhury A, Chandra S. SemFix:Program repair via semantic analysis. In Proc. the 35th Int. Conference on Software Engineering, May 2013, pp.772-781.
    [51]
    Mechtaev S, Yi J, Roychoudhury A. Angelix:Scalable multiline program patch synthesis via symbolic analysis. In Proc. the 38th Int. Conference on Software Engineering, May 2016, pp.691-701.
    [52]
    Le X B D, Chu D H, Lo D, Le G C, Visser W. JFIX:Semantics-based repair of Java programs via symbolic PathFinder. In Proc. the 26th ACM SIGSOFT Int. Symposium on Software Testing and Analysis, July 2017, pp.376-379.
    [53]
    Gupta R, Pal S, Kanade A, Shevade S. DeepFix:Fixing common C language errors by deep learning. In Proc. the 31st AAAI Conference on Artificial Intelligence, February 2017, pp.1345-1351.
    [54]
    Wang C, Jiang Y, Zhao X, Song X, Gu M. Weak-Assert:A weakness-oriented assertion recommendation toolkit for program analysis. In Proc. the 40th Int. Conference on Software Engineering, May 2018, pp.69-72.
    • Relative Articles

  • Related Articles

    [1]Peng-Sheng Liu, Li-Nan Zheng, Jia-Le Chen, Guang-Fa Zhang, Yang Xu, Jin-Yun Fang. Enhancing Recommendation with Denoising Auxiliary Task[J]. Journal of Computer Science and Technology, 2024, 39(5): 1123-1137. DOI: 10.1007/s11390-024-4069-5
    [2]Teng-Yue Han, Peng-Fei Wang, Shao-Zhang Niu. Multimodal Interactive Network for Sequential Recommendation[J]. Journal of Computer Science and Technology, 2023, 38(4): 911-926. DOI: 10.1007/s11390-022-1152-7
    [3]Wen-Hua Yang, Min-Xue Pan, Yu Zhou, Zhi-Qiu Huang. Meaningful Update and Repair of Markov Decision Processes for Self-Adaptive Systems[J]. Journal of Computer Science and Technology, 2022, 37(1): 106-127. DOI: 10.1007/s11390-021-1484-8
    [4]Yu-Yao Liu, Bo Yang, Hong-Bin Pei, Jing Huang. Neural Explainable Recommender Model Based on Attributes and Reviews[J]. Journal of Computer Science and Technology, 2020, 35(6): 1446-1460. DOI: 10.1007/s11390-020-0152-8
    [5]Fu-Zhen Zhuang, Ying-Min Zhou, Hao-Chao Ying, Fu-Zheng Zhang, Xiang Ao, Xing Xie, Qing He, Hui Xiong. Sequential Recommendation via Cross-Domain Novelty Seeking Trait Mining[J]. Journal of Computer Science and Technology, 2020, 35(2): 305-319. DOI: 10.1007/s11390-020-9945-z
    [6]Yang Liu, Zhi Li, Wei Huang, Tong Xu, En-Hong Chen. Exploiting Structural and Temporal Influence for Dynamic Social-Aware Recommendation[J]. Journal of Computer Science and Technology, 2020, 35(2): 281-294. DOI: 10.1007/s11390-020-9956-9
    [7]Qi Liu, Hong-Ke Zhao, Le Wu, Zhi Li, En-Hong Chen. Illuminating Recommendation by Understanding the Explicit Item Relations[J]. Journal of Computer Science and Technology, 2018, 33(4): 739-755. DOI: 10.1007/s11390-018-1853-0
    [8]Yue-Feng Du, De-Rong Shen, Tie-Zheng Nie, Yue Kou, Ge Yu. Content-Related Repairing of Inconsistencies in Distributed Data[J]. Journal of Computer Science and Technology, 2016, 31(4): 741-758. DOI: 10.1007/s11390-016-1660-4
    [9]Xiao Liang, Xiang Ren, Zhengdong Zhang, Yi Ma. Texture Repairing by Unified Low Rank Optimization[J]. Journal of Computer Science and Technology, 2016, 31(3): 525-546. DOI: 10.1007/s11390-016-1645-3
    [10]Tao Ju. Fixing Geometric Errors on Polygonal Models: A Survey[J]. Journal of Computer Science and Technology, 2009, 24(1): 19-29.
    • Supplements (1)

  • Others

  • Cited by

    Periodical cited type(1)

    1. Ling-Yun Situ, Zhi-Qiang Zuo, Le Guan, et al. Vulnerable Region-Aware Greybox Fuzzing. Journal of Computer Science and Technology, 2021, 36(5): 1212. DOI:10.1007/s11390-021-1196-0

    Other cited types(0)

Catalog

    Get Citation
    PDF
    XML
    Article views (39) PDF downloads (12) Cited by(1)
    Related

    Copyright ©2025 JCST, All Rights Reserved     京ICP备05002829号-1

    Institute of Computing Technology, Chinese Academy of Sciences
    P.O. Box 2704, Beijing 100190, P.R. China

    Tel.: 86-10-62610746 E-mail: jcst@ict.ac.cn

    /

    DownLoad:  Full-Size Img  PowerPoint
    Return
    Return