ANTLR: a predicated-LL(k) parser generator. Software—Practice & Experience.
Bugs as deviant behavior: a general approach to inferring errors in systems code. SOSP '01 Proceedings of the eighteenth ACM symposium on Operating systems principles.
Introduction to Automata Theory, Languages and Computability.
Introduction to Modern Information Retrieval.
ITS4: A static vulnerability scanner for C and C++ code. ACSAC '00 Proceedings of the 16th Annual Computer Security Applications Conference.
Generating Robust Parsers using Island Grammars. WCRE '01 Proceedings of the Eighth Working Conference on Reverse Engineering (WCRE'01).
Automatic Mining of Source Code Repositories to Improve Bug Finding Techniques. IEEE Transactions on Software Engineering.
DynaMine: finding common error patterns by mining software revision histories. Proceedings of the 10th European software engineering conference held jointly with 13th ACM SIGSOFT international symposium on Foundations of software engineering.
Pixy: A Static Analysis Tool for Detecting Web Application Vulnerabilities (Short Paper). SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy.
Static Detection of Vulnerabilities in x86 Executables. ACSAC '06 Proceedings of the 22nd Annual Computer Security Applications Conference.
Proceedings of the 1st ACM SIGOPS/EuroSys European Conference on Computer Systems 2006.
Detecting format string vulnerabilities with type qualifiers. SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10.
Finding security vulnerabilities in java applications with static analysis. SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14.
Detecting object usage anomalies. Proceedings of the 6th joint meeting of the European software engineering conference and the ACM SIGSOFT symposium on The foundations of software engineering.
Fuzzing: Brute Force Vulnerability Discovery.
Linear-Time Computation of Similarity Measures for Sequential Data. The Journal of Machine Learning Research.
IEEE Software.
AutoISES: automatically inferring security specifications and detecting violations. SS'08 Proceedings of the 17th conference on Security symposium.
Merlin: specification inference for explicit information flow problems. Proceedings of the 2009 ACM SIGPLAN conference on Programming language design and implementation.
MAPO: Mining and Recommending API Usage Patterns. Proceedings of the 23rd European Conference on Object-Oriented Programming (ECOOP 2009), Genoa.
Alattin: Mining Alternative Patterns for Detecting Neglected Conditions. ASE '09 Proceedings of the 2009 IEEE/ACM International Conference on Automated Software Engineering.
Learning from 6,000 projects: lightweight cross-project anomaly detection. Proceedings of the 19th international symposium on Software testing and analysis.
SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy.
Vulnerability Detection Systems: Think Cyborg, Not Robot. IEEE Security and Privacy.
A security policy oracle: detecting security holes using multiple API implementations. Proceedings of the 32nd ACM SIGPLAN conference on Programming language design and implementation.
Vulnerability extrapolation: assisted discovery of vulnerabilities using machine learning. WOOT'11 Proceedings of the 5th USENIX conference on Offensive technologies.
SMS of death: from analyzing to attacking mobile phones on a large scale. SEC'11 Proceedings of the 20th USENIX conference on Security.
RoleCast: finding missing security checks when you do not know what checks are. Proceedings of the 2011 ACM international conference on Object oriented programming systems languages and applications.
SAGE: whitebox fuzzing for security testing. Communications of the ACM.
Generalized vulnerability extrapolation using abstract syntax trees. Proceedings of the 28th Annual Computer Security Applications Conference.
Uncovering security vulnerabilities in software is key to operating secure systems. Unfortunately, only some security flaws can be detected automatically, and the vast majority of vulnerabilities are still identified by tedious auditing of source code. In this paper, we strive to improve this situation by accelerating the process of manual auditing. We introduce Chucky, a method to expose missing checks in source code. Many vulnerabilities result from insufficient input validation, and thus omitted or false checks provide valuable clues for finding security flaws. Our method proceeds by statically tainting source code and identifying anomalous or missing conditions linked to security-critical objects. In an empirical evaluation with five popular open-source projects, Chucky accurately identifies artificial and real missing checks, which ultimately enables us to uncover 12 previously unknown vulnerabilities in two of the projects (Pidgin and LibTIFF).