Context-Sensitive detection of information exposure bugs with symbolic execution

Paul Muntean, Claudia Eckert, Andreas Ibing

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

4 Scopus citations

Abstract

Static analysis tools used for detecting information exposure bugs can help software engineers detecting bugs without introducing run-time overhead. Such tools can make the detection of information-flow bugs faster and cheaper without having to provide user input in order to trigger the bug detection. In this paper we present a bug-detection tool for detecting information exposure bugs in C/C++ programs. Our tool is context-sensitive and uses static code analysis for bug detection. We developed our bug finding tool as a Eclipse plugin in order to easily integrate it in software development work flows. The bug reports provide user friendly visualizations that can be easily traced back to the location where the bug was detected. We discuss one static analysis approach for detecting information exposure bugs and relate briefly the usability of our bug testing tool to empirical research. We conducted an empirical evaluation based on 90 test programs which were selected from the Juliet test suite for C/C++ code. We reached a true-positive coverage of 94.4% in 121 seconds for 90 test programs having a total of 12589 source code lines.

Original languageEnglish
Title of host publicationInternational Workshop on Innovative Software Development Methodologies and Practices, InnoSWDev 2014 - Proceedings
PublisherAssociation for Computing Machinery
Pages84-93
Number of pages10
ISBN (Electronic)9781450332262
DOIs
StatePublished - 16 Nov 2014
EventInternational Workshop on Innovative Software Development Methodologies and Practices, InnoSWDev 2014 - Hong Kong, China
Duration: 16 Nov 2014 → …

Publication series

NameInternational Workshop on Innovative Software Development Methodologies and Practices, InnoSWDev 2014 - Proceedings

Conference

ConferenceInternational Workshop on Innovative Software Development Methodologies and Practices, InnoSWDev 2014
Country/TerritoryChina
CityHong Kong
Period16/11/14 → …

Keywords

  • Information-flow
  • Integrated development environment
  • Software bugs
  • Software testing
  • Static taint analysis

Fingerprint

Dive into the research topics of 'Context-Sensitive detection of information exposure bugs with symbolic execution'. Together they form a unique fingerprint.

Cite this