Using static analysis for finding security vulnerabilities and critical errors in source code
Static analysis is a popular way of finding given patterns in source or binary code (e.g., coding style errors, violations of project guidelines of using specific libraries or language features, critical errors, security vulnerabilities, malicious code). In this paper we review the static analysis t...
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Ivannikov Institute for System Programming of the Russian Academy of Sciences
2018-10-01
|
| Series: | Труды Института системного программирования РАН |
| Subjects: | |
| Online Access: | https://ispranproceedings.elpub.ru/jour/article/view/1026 |
| _version_ | 1818515179057446912 |
|---|---|
| author | Arutyun Avetisyan Andrey Belevantsev Alexey Borodin Vladimir Nesov |
| author_facet | Arutyun Avetisyan Andrey Belevantsev Alexey Borodin Vladimir Nesov |
| author_sort | Arutyun Avetisyan |
| collection | DOAJ |
| description | Static analysis is a popular way of finding given patterns in source or binary code (e.g., coding style errors, violations of project guidelines of using specific libraries or language features, critical errors, security vulnerabilities, malicious code). In this paper we review the static analysis tool developed in ISP RAS for finding critical errors and security vulnerabilities in C/C++ source code. The tool uses interprocedural unsound dataflow analysis and allows performing fully automatic analysis resulting in 40-80% true positive rate which is on par with the best commercial tools in this area. |
| first_indexed | 2024-12-11T00:25:43Z |
| format | Article |
| id | doaj.art-e2146848706848fcb9ec226197a5579b |
| institution | Directory Open Access Journal |
| issn | 2079-8156 2220-6426 |
| language | English |
| last_indexed | 2024-12-11T00:25:43Z |
| publishDate | 2018-10-01 |
| publisher | Ivannikov Institute for System Programming of the Russian Academy of Sciences |
| record_format | Article |
| series | Труды Института системного программирования РАН |
| spelling | doaj.art-e2146848706848fcb9ec226197a5579b2022-12-22T01:27:35ZengIvannikov Institute for System Programming of the Russian Academy of SciencesТруды Института системного программирования РАН2079-81562220-64262018-10-012101026Using static analysis for finding security vulnerabilities and critical errors in source codeArutyun Avetisyan0Andrey Belevantsev1Alexey Borodin2Vladimir Nesov3ИСП РАНИСП РАНИСП РАНИСП РАНStatic analysis is a popular way of finding given patterns in source or binary code (e.g., coding style errors, violations of project guidelines of using specific libraries or language features, critical errors, security vulnerabilities, malicious code). In this paper we review the static analysis tool developed in ISP RAS for finding critical errors and security vulnerabilities in C/C++ source code. The tool uses interprocedural unsound dataflow analysis and allows performing fully automatic analysis resulting in 40-80% true positive rate which is on par with the best commercial tools in this area.https://ispranproceedings.elpub.ru/jour/article/view/1026статический анализанализ потока данныхинтервальный анализмежпроцедурный анализуязвимости |
| spellingShingle | Arutyun Avetisyan Andrey Belevantsev Alexey Borodin Vladimir Nesov Using static analysis for finding security vulnerabilities and critical errors in source code Труды Института системного программирования РАН статический анализ анализ потока данных интервальный анализ межпроцедурный анализ уязвимости |
| title | Using static analysis for finding security vulnerabilities and critical errors in source code |
| title_full | Using static analysis for finding security vulnerabilities and critical errors in source code |
| title_fullStr | Using static analysis for finding security vulnerabilities and critical errors in source code |
| title_full_unstemmed | Using static analysis for finding security vulnerabilities and critical errors in source code |
| title_short | Using static analysis for finding security vulnerabilities and critical errors in source code |
| title_sort | using static analysis for finding security vulnerabilities and critical errors in source code |
| topic | статический анализ анализ потока данных интервальный анализ межпроцедурный анализ уязвимости |
| url | https://ispranproceedings.elpub.ru/jour/article/view/1026 |
| work_keys_str_mv | AT arutyunavetisyan usingstaticanalysisforfindingsecurityvulnerabilitiesandcriticalerrorsinsourcecode AT andreybelevantsev usingstaticanalysisforfindingsecurityvulnerabilitiesandcriticalerrorsinsourcecode AT alexeyborodin usingstaticanalysisforfindingsecurityvulnerabilitiesandcriticalerrorsinsourcecode AT vladimirnesov usingstaticanalysisforfindingsecurityvulnerabilitiesandcriticalerrorsinsourcecode |