Finding Previously-discovered Bugs in Software Applications (2 Years)
Authors
Abstract
Conceptually, this may involve extracting a signature from a discovered bug and developing an algorithm to effectively analyse a set of binary executables from applications for the presence of the signature. The challenges include describing what a suitable signature might be and designing a robust algorithm that can withstand syntactical variations due to the compilation process. Ideally, it should also be proved that the bug is reachable, since non-reachable bugs need not be patched.
Similar resources
Analyzing Stripped Device-Driver Executables
This paper sketches the design and implementation of DeviceDriver Analyzer for x86 (DDA/x86), a prototype analysis tool for finding bugs in stripped Windows device-driver executables (i.e., when neither source code nor symbol-table/debugging information is available), and presents a case study. DDA/x86 was able to find known bugs (previously discovered by source-code-based analysis tools) along...
Simple and Effective Static Analysis to Find Bugs
Title of dissertation: SIMPLE AND EFFECTIVE STATIC ANALYSIS TO FIND BUGS David H. Hovemeyer, Doctor of Philosophy, 2005 Dissertation directed by: Professor William W. Pugh Department of Computer Science Much research in recent years has focused on using static analysis to find bugs in software. Many new approaches employing sophisticated program analysis techniques—inter-procedural, context-sen...
Automatically Detecting Error Handling Bugs Using Error Specifications
Incorrect error handling in security-sensitive code often leads to severe security vulnerabilities. Implementing correct error handling is repetitive and tedious especially in languages like C that do not support any exception handling primitives. This makes it very easy for the developers to unwittingly introduce error handling bugs. Moreover, error handling bugs are hard to detect and locate ...
The Interaction Analyzer: A Tool for Debugging Ubiquitous Computing Applications
Ubiquitous computing applications are frequently long-running and highly distributed, leading to bugs that only become apparent far from and long after their original point of appearance. Such bugs are hard to find. This paper describes the Interaction Analyzer, a debugging tool for ubiquitous computing applications that addresses this problem. The Interaction Analyzer uses protocol definitions...
STANSE: Bug-Finding Framework for C Programs
Stanse is a free (available under the GPLv2 license) modular framework for finding bugs in C programs using static analysis. Its two main design goals are 1) ability to process large software projects like the Linux kernel and 2) extensibility with new bug-finding techniques with a minimal effort. Currently there are four bug-finding algorithms implemented within Stanse: AutomatonChecker checks...
Journal title:
Volume, issue:
Pages: -
Publication date: 2015