Token-based scanning of source code for security problems

Authors:
John Viega;J. T. Bloch;Tadayoshi Kohno;Gary McGraw
Affiliations:
Virginia Tech, Falls Church, VA;University of Chicago, Chicago, IL;University of California, San Diego, CA;Cigital, Dulles, VA
Venue:
ACM Transactions on Information and System Security (TISSEC)
Year:
2002

Citing 6
Cited 6

Compilers: principles, techniques, and tools

Compilers: principles, techniques, and tools
A safe approximate algorithm for interprocedural aliasing

PLDI '92 Proceedings of the ACM SIGPLAN 1992 conference on Programming language design and implementation
LCLint: a tool for using specifications to check code

SIGSOFT '94 Proceedings of the 2nd ACM SIGSOFT symposium on Foundations of software engineering
Practical Unix and Internet security (2nd ed.)

Practical Unix and Internet security (2nd ed.)
JFlow: practical mostly-static information flow control

Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Statically detecting likely buffer overflow vulnerabilities

SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10

A Hybrid Approach to Enhancing the Reliability of Software

Programming and Computing Software
Back-propagation of knowledge from syntax tree to C source code

ACM SIGPLAN Notices
Predicting vulnerable software components

Proceedings of the 14th ACM conference on Computer and communications security
Secure Software Engineering: Learning from the Past to Address Future Challenges

Information Security Journal: A Global Perspective
Mitigating program security vulnerabilities: Approaches and challenges

ACM Computing Surveys (CSUR)
A source-to-source transformation tool for error fixing

CASCON '13 Proceedings of the 2013 Conference of the Center for Advanced Studies on Collaborative Research

Quantified Score

Hi-index	0.00

Visualization

Abstract

We describe ITS4, a tool for statically scanning C and C++ source code for security vulnerabilities. Compared to other approaches, our scanning technique stakes out a new middle ground between accuracy and efficiency. This method is efficient enough to offer real-time feedback to developers during coding while producing few false negatives. Unlike other techniques, our method is also simple enough to scan C++ code despite the complexities inherent in the language. Using ITS4, we found new remotely exploitable vulnerabilities in a widely distributed software package as well as in a major piece of e-commerce software.We also describe functionality in more recent tools modeled after ITS4, and discuss algorithms that could easily be used to augment these kinds of tools. Particularly, we describe a solution we have prototyped that allows for more rigorous analysis of C and C++ source code, without failing to analyze parts of the program due to preprocessor conditionals.