
A Hybrid Framework for the Systematic Detection of Software Security Vulnerabilities in Source Code



Abstract

In this thesis, we address the problem of detecting vulnerabilities in software where the source code is available, such as free-and-open-source software. To this end, we rely on security testing. Either static or dynamic analysis can be used for security testing, yet both analyses have their advantages and drawbacks. In fact, while these analyses are different, they are complementary to each other in many ways. Consequently, approaches that combine these analyses have the potential to be very advantageous to security testing and vulnerability detection. This has motivated the work presented in this thesis.

For the purpose of security testing, security analysts need to specify the security properties against which they wish to test software for security violations. Accordingly, we first propose a security model called Team Edit Automata (TEA), which extends security automata. Using TEA, security analysts are capable of precisely specifying the security properties of concern. Since various code instrumentations are needed at different program points for the purpose of profiling the software behavior at run-time, we secondly propose a code instrumentation profiler. Furthermore, we provide an extension to the GCC compiler to enable such instrumentations. The profiler is based on the pointcut model of Aspect-Oriented Programming (AOP) languages and accordingly it is capable of providing a large set of instrumentation capabilities to the analysts. We particularly explore the capabilities and the current limitations of AOP languages as tools for security testing code instrumentation, and propose extensions to these languages to allow them to be used for such purposes. Thirdly, we explore the potential of static analysis for vulnerability detection and illustrate its applicability and limitations. Fourthly, we propose a framework that reduces security vulnerability detection to a reachability problem. The framework combines three main techniques: static analysis, program slicing, and reachability analysis. This framework mainly targets software applications that are generally categorized as being safety/security critical, and are of relatively small sizes, such as embedded software. Finally, we propose a more comprehensive security testing and test-data generation framework that provides further advantages over the proposed reachability model. This framework combines the power of static and dynamic analyses, and is used to generate concrete data, with which the existence of a vulnerability is proven beyond doubt, hence mitigating major drawbacks of static analysis, namely false positives. We also illustrate the feasibility of the elaborated frameworks by developing case studies for test-data generation and vulnerability detection on software of various sizes.

Bibliographic record

  • Author

    Hanna Aiman;

  • Author affiliation
  • Year: 2012
  • Total pages
  • Original format: PDF
  • Language of text: en
  • Chinese Library Classification
