Sciweavers

SCAM
2008
IEEE

User-Input Dependence Analysis via Graph Reachability

14 years 6 months ago
User-Input Dependence Analysis via Graph Reachability
Bug-checking tools have been used with some success in recent years to find bugs in software. For finding bugs that can cause security vulnerabilities, bug checking tools require a program analysis which determines whether a software bug can be controlled by user-input. In this paper we introduce a static program analysis for computing user-input dependencies. This analysis can be used as a pre-processing filter to a static bug checking tool for identifying bugs that can potentially be exploited as security vulnerabilities. In order for the analysis to be applicable to large commercial software in the millions of lines of code, runtime speed and scalability of the user-input dependence analysis is of key importance. Our user-input dependence analysis takes both data and control dependencies into account. We extend Static Single Assignment (SSA) form by augmenting phi-nodes with control dependencies. A formal definition of user-input dependence is expressed in a dataflow analysis ...
Bernhard Scholz, Chenyi Zhang, Cristina Cifuentes
Added 01 Jun 2010
Updated 01 Jun 2010
Type Conference
Year 2008
Where SCAM
Authors Bernhard Scholz, Chenyi Zhang, Cristina Cifuentes
Comments (0)