Main.RobinVanSchendel r1.2 - 02 May 2007 - 19:21 - LeonMoonen

Static Detection of Exploitable Vulnerabilities in Input Dependencies

Robin van Schendel

Software vulnerabilities are weaknesses in a system that allow its security to be compromised. They continue to be a problem in software. Several software inspection tools exist that report vulnerabilities, but at the cost of a high false positive rate. We introduce a combination of a program slicer and software inspection tools to determine exploitable input vulnerabilities. We determine input dependencies using the program slicer CodeSurfer and analyze the dependencies with software inspection tools. For that purpose, six software inspection tools are evaluated on a test suite, which contains various vulnerabilities that differ in type and complexity. Then we discuss VulnerabilitySlicer, our prototype tool that implements our approach, and evaluate its abilities on small test cases. This is followed by testing our tool on various open source projects, such as Sendmail and WU-ftpd. Although the VulnerabilitySlicer does not perform as well on the open source projects as on the smaller test cases, we believe it is a step in the right direction towards detecting exploitable software vulnerabilities.

MSc project performed in the context of the ASSESS Project.

Attachment: rvschendel_mscthesis.pdf (1231.3 K, 14 Mar 2007 - 15:17, LeonMoonen) - MSc Thesis Robin van Schendel

Copyright © 2003-2017, Software Engineering Research Group, Delft University of Technology, The Netherlands