Two complementary approaches to detecting vulnerabilities in C programs. (Deux approches complémentaires pour la détection de vulnérabilités dans les programmes C)

In general, computer software vulnerabilities are de ned as special cases where an unexpected behavior of the system leads to the degradation of security properties or the violation of security policies. These vulnerabilities can be exploited by malicious users or systems impacting the security and/or operation of the attacked system. Since the literature on vulnerabilities is not always available to developers and the used tools do not allow detecting and avoiding them; the software industry continues to be a ected by security breaches. Therefore, the detection of vulnerabilities in software has become a major concern and research area. Software vulnerabilities result from potential aws in the design of programs and also from errors in their implementation as the misuse of dangerous aspects and error-prone programming languages. In the case of the C programming language, for example, vulnerabilities are primarily due to pointer arithmetic, the lack of a basic type for strings and the lack of bounds checking. Our research was done under the scope of the SHIELDS 3 European project and focuses speci cally on modeling techniques and formal detection of vulnerabilities. In this area, existing approaches are limited and do not always rely on a precise formal modeling of the vulnerabilities they target [15, 18, 26]. Additionally detection tools produce a signi cant number of false positives/negatives. Note also that it is quite di cult for a developer to know what vulnerabilities are detected by each tool because they are not well documented. Under this context the contributions made in this thesis are: 1. De nition of a formalism called template, created to capture the description of vulnerabilities given in natural language or by a vulnerability model. This formalism has the advantage of facilitating the communication between the di erent actors of the development team. 2. De nition of a formal language, called Vulnerability Detection Condition (VDC), which can accurately model the occurrence of a vulnerability. Also a method to 3. http://er-projects.gf.liu.se/