Assisted Discovery of Vulnerabilities in Source Code by Analyzing Program Slices

Since our daily life is strongly oriented towards the use of computer systems, everyone is affected by security incidents. Consequently, securing computer systems is of everyone’s interest. Many vulnerabilities in source code can be put down to insufficient validation of input data. Not long ago, a method was introduced to support the auditor in finding and fixing such vulnerabilities. In this thesis, we contribute to this method by proposing alternative approaches for improvement. The idea is based on a combination of unsupervised machine learning and static code analysis. More precisely, missing checks are expressed as anomalous patterns found in conditions. To separate relevant from irrelevant conditions, the scope of data sources or data sinks is determined. Analyzing these scopes, with respect to checks, makes it possible to expose sources/sinks that deviate from normality. Our method differs from the original method by the definition of the scopes and the similarity assessment of sources/sinks which is required to define normality. Interprocedural program slices are used as scopes for sources/sinks instead of intraprocedural lightweight taint analysis. Furthermore, the notion of similar sources/sinks is based on cluster analysis which is used instead of the identification of nearest neighbors. We illustrate the theoretical advantages of our contributions. Moreover, we are able to demonstrate the new capabilities of our prototype in the evaluation of multiple controlled experiments.