Repositorio Dspace/Manakin
Uma técnica para detectar fraquezas de código em programas C.
JavaScript is disabled for your browser. Some features of this site may not work without it.
Uma técnica para detectar fraquezas de código em programas C.
MUNIZ, R. C.; http://lattes.cnpq.br/1454914002384966; MUNIZ, Raphael de Carvalho.
Fecha:
2022-03-04
Resumen:
Companies’ investment in implementing means to ensure security in software systems
makes us realize the importance of this topic. However, ensuring this feature is not a trivial
activity. Several critical systems, such as Linux and OpenSSL, are implemented using the C
language, and a vulnerability in these systems may impact many users. However, despite the
efforts to apply techniques and tools to make software systems more secure, these systems
still have code weaknesses, leading to vulnerable code. The number of reported vulnera-
bilities has increased in the last years, where more than 18 thousand vulnerabilities were
reported to the National Vulnerability Database (NVD) in 2020. Static analysis tools, such
as Flawfinder and Cppcheck, may help in this problem, reporting some kinds of weaknesses.
However, this kind of tool presents a high rate of false positives, i.e., an issue reported in a
program when no problem actually exists. In summary, in this work we present a technique
that combines static analysis with software testing to detect weaknesses introduced in the
code during earlier development stages of C programs. We believe the earlier the weakness
is detected, the lower is the cost to fix it. We implemented this technique in a framework
named Weaknesses Testing or WTT. Finally, we carried out two studies to evaluate the prac-
tical application of the proposed technique. The first study evaluated the proposed technique
with real open-source programs to detect new weaknesses. We evaluated 103 warnings from
6 different projects and detected 22 weaknesses of three kinds: Buffer Overflow, Format
String, and Integer Overflow. On the other hand, in the second study, we evaluated the
technique with a set of examples of known vulnerabilities. We evaluated a total of 2,834
functions from the Juliet Test Suite dataset with weaknesses CWE-190: Integer Overflow or
Wraparound, CWE-191: Integer Underflow (Wrap or Wraparound), and CWE-369: Divide
By Zero. The results show evidence that our technique can help developers anticipate the
detection of weaknesses in C programs, reducing vulnerability in operational versions.
Ficheros en el ítem
Nombre:
RAPHAEL DE CARVALHO ...
Tamaño:
4.421Mb
Formato:
PDF
Descripción:
Raphael de Carvalho ...
Este ítem aparece en la(s) siguiente(s) colección(ones)
Related items
Showing items related by title, author, creator and subject.
-
Um estudo qualitativo sobre propriedades de liderança e seus efeitos em desenvolvedores de software. CHAVES, R. P. E.; http://lattes.cnpq.br/7915231862496072; CHAVES, Rafaella Priscilla Evangelista. (BrasilCentro de Engenharia Elétrica e Informática - CEEIUFCGUniversidade Federal de Campina Grande, 2021-05-24)Software developers can come to leave their jobs due to some reasons, like better opportunities or impacts caused by relationships with coworker and colleagues. This paper aims to analyze these relationships, specially as ...
-
OLIVEIRA NETO, O. C.; http://lattes.cnpq.br/7819336150775369; OLIVEIRA NETO, Oliveiros Cavalcanti de. (BrasilCentro de Engenharia Elétrica e Informática - CEEIUFCGUniversidade Federal de Campina Grande, 2020)
-
CAVALCANTI, D. T.; http://lattes.cnpq.br/9474337125322200; CAVALCANTI, Diego Tavares. (BrasilCentro de Engenharia Elétrica e Informática - CEEIPÓS-GRADUAÇÃO EM CIÊNCIA DA COMPUTAÇÃOUFCGUniversidade Federal de Campina Grande, 2012-11-26)Locating and fixing bugs described in bug reports are routine tasks in software development processes. A major effort must be undertaken to successfully locate the (possibly faulty) entities in the code that must be worked ...
Buscar en DSpace
Listar
-
Todo DSpace
-
Esta colección