Static analysis for dummies: experiencing LiSA

Proceedings of the Eighth Israeli Conference on Computer Systems and Software Engineering, 1997

Objectives: A vast multitude of application and systems programming is carried out in C or C++ programming languages. Even in programs written in languages such as Java, C libraries find wide use.Therefore, due to their ubiquitous presence, the security of C and C++ code is of paramount importance. Methods/ Statistical Analysis: A static analysis tool named “TraC++” was developed to detect security vulnerabilities in C and C++ programs. The tool uses a predefined and dynamically updated list of insecure coding constructs to check their presence in a given C/C++ code. Findings: The tool, developed in C#, was found to capture potential security vulnerabilities and insecure coding constructs in a given C/C++ program. A list of vulnerable constructs used in the code along with the line numbers in which they are present are the output provided by the tool. Furthermore, the tool provides suggestions as to how the vulnerable constructs can be replaced with better constructs. Application/Improvement: The tool can find use in static analysis for security violations in programs and libraries developed in the C/C++ programming languages.

–New generation Web Application Firewalls (ngWAF), new Dynamic Analysis (modern DAST products) RASP and DevOps fever are making Static Analysis (SAST) techniques useless? No, Absolutely not. But commercial Static Analysis vendors have to think different if they want their products to survive. Software solutions performing automatic code analysis are still very important, especially for remediation assistance capabilities or for extracting semantic metadata. These methods gather syntactic information from the source code and/or binaries, and then in general they provide large set of implying semantics. With the increased focus on dynamic techniques for vulnerabilities detection and prevention the problem emerges – modern programming languages are dynamic and the whole code semantic is known only at runtime and the analysis has to estimate larger relations. Moreover described is a new algorithm for better contrasting the jeopardize of dynamic analysis techniques.

2014 IEEE 38th International Computer Software and Applications Conference Workshops, 2014

Developing and deploying secure software is a difficult task, one that is even harder when the developer has to be conscious of adhering to specific company security requirements. In order to facilitate this, different approaches have been elaborated over the years to varying degrees of success. To better understand the underlying issues, this paper describes and evaluates a number of static code analysis techniques and tools based on an example that illustrates prevalent software security challenges. The latter can be addressed by considering an approach that allows for the detection of security properties and their transformation into security policies that can be validated against security requirements. This would help the developer throughout the software development lifecycle and to insure the compliance with security specifications.

Software security is a matter of major concern for software development enterprises that wish to deliver highly secure software products to their customers. Static analysis is considered one of the most effective mechanisms for adding security to software products. The multitude of static analysis tools that are available provide a large number of raw results that may contain security-relevant information, which may be useful for the production of secure software. Several mechanisms that can facilitate the production of both secure and reliable software applications have been proposed over the years. In this paper, two such mechanisms, particularly the vulnerability prediction models (VPMs) and the optimum checkpoint recommendation (OCR) mechanisms, are theoretically examined, while their potential improvement by using static analysis is also investigated. In particular, we review the most significant contributions regarding these mechanisms, identify their most important open issues, and propose directions for future research, emphasizing on the potential adoption of static analysis for addressing the identified open issues. Hence, this paper can act as a reference for researchers that wish to contribute in these subfields, in order to gain solid understanding of the existing solutions and their open issues that require further research.

2014

Developing and delivering secure software is a challenging task, that gets even harder when the developer tries to adhere to both application and organization-specific security requirements. Different approaches have been proposed to facilitate this task, such as code analysis that aims at detecting flaws in the developed software before it is released and deployed to customer. This paper discusses a number of static code analysis approaches and presents different code analysis tools adopting each a specific analysis technique. These tools are evaluated against a sample code illustrating different security challenges that can be addressed using an approach that helps detecting security properties. The latter can be transformed into abstract security policies that can be validated against explicit security requirements. This would help the developer throughout the software development lifecycle and to ensure the compliance with security specifications.

Software, IEEE, 2002

E S O F T W A R E J a n u a r y / F e b r u a r y 2 0 0 2 0 7 4 0 -7 4 5 9 / 0 2 / $ 1 7 . 0 0 © 2 0 0 2 I E E E J a n u a r y I E E E S O F T W A R E 4 3 Malformed input 16% Resource leaks 6% Format bugs 6% Buffer overflows 19% Access 16% Pathnames 10% Other 16% Symbolic links 11%

Not any error detection tool, is capable of detecting, processing and rectifying all the errors. Our main aim is to increase the level of authenticity that ASA (Automatic Static Analysis) can provide us. These Static analysis tools are used to check for vulnerabilities in systems and programs, as the correctness or authenticity of the program is the greatest concern in developing them and verifying them prior to their release. These tools use a wide variety of functions, to prevent many errors and loopholes from occurring at many different stages of the programs. But still, ASA tools provide a lot of false positives that again require a lot of human involvement to rectify them. Here we review the different techniques, and methods that are primarily used in Automatic Static Analysis, and also that coding concerns that arise in the process.

Quang, 2019

These notes present principles and applications of static analysis of programs. We cover type analysis, lattice theory, control flow graphs, dataflow analysis, fixed-point algorithms, narrowing and widening, inter-procedural analysis, control flow analysis, and pointer analysis. A tiny imperative programming language with heap pointers and function pointers is subjected to numerous different static analyses illustrating the techniques that are presented. The style of presentation is intended to be precise but not overly formal. The readers are assumed to be familiar with advanced programming language concepts and the basics of compiler construction.

2004

Typed assembly languages have the goal of providing security guarantees, for example, for the limited use of resources in a host machine or the detection of autoupdate code. This work presents a simple typed assembly language which allows us to perform various kinds of static analysis tasks with the purpose of detecting flaws in the code security. The security policy we use guarantees type and memory safety. Moreover, wa can ensure that non-initialized variables are not read, and that there is no out-of-bound array accesses. The language we present, called STALlion, was designed in order to interpret a particular kind of imperative programs, more specifically abstract syntax tree.