Using static analysis for finding security vulnerabilities and critical errors in source code

Using static analysis for finding security vulnerabilities and critical errors in source code

Static analysis is a popular way of finding given patterns in source or binary code (e.g., coding style errors, violations of project guidelines of using specific libraries or language features, critical errors, security vulnerabilities, malicious code). In this paper we review the static analysis t...

Full description

Bibliographic Details
Main Authors:	Arutyun Avetisyan, Andrey Belevantsev, Alexey Borodin, Vladimir Nesov
Format:	Article
Language:	English
Published:	Ivannikov Institute for System Programming of the Russian Academy of Sciences 2018-10-01
Series:	Труды Института системного программирования РАН
Subjects:	статический анализ анализ потока данных интервальный анализ межпроцедурный анализ уязвимости
Online Access:	https://ispranproceedings.elpub.ru/jour/article/view/1026

Similar Items

Static analyzer Svace for finding of defects in program source code
by: V. P. Ivannikov, et al.
Published: (2018-10-01)

Vulnerabilities Detection via Static Taint Analysis
by: Nikita Vladimirovitch Chimtchik, et al.
Published: (2019-09-01)

Interprocedural taint analysis for LLVM-bitcode
by: V. K. Koshelev, et al.
Published: (2018-10-01)

Mechanisms for extending the system of static analysis Svace by new types of detectors of vulnerabilities and critical errors
by: Arutyun Avetisyan, et al.
Published: (2018-10-01)

Using unreachable code analysis in static analysis tool for finding defects in source code
by: R. R. Mulyukov, et al.
Published: (2018-10-01)

Static detection of error of double locking of mutex
by: Alexey Borodin
Published: (2018-10-01)

Input data generation for reaching specific function in program by iterative dynamic analysis
by: A. Y. Gerasimov, et al.
Published: (2018-10-01)

Inter-procedural buffer overflows detection in C/C++ source code via static analysis
by: I. . Dudina
Published: (2018-10-01)

Summary-based method of implementing arbitrary context-sensitive checks for source-based analysis via symbolic execution
by: A. . Dergachev, et al.
Published: (2018-10-01)

Analysis of program changes nature and searching for unpatched code fragments
by: Mariam Seropovna Arutunian, et al.
Published: (2019-04-01)

Automatic Data Race Error Detection in SystemC Models
by: A. V. Zakharov, et al.
Published: (2011-12-01)

Buffer Overflow Detection via Static Analysis: Expectations vs. Reality
by: I. A. Dudina
Published: (2018-10-01)

An approach of reachability determination for static analysis defects with help of dynamic symbolic execution
by: A. Y. Gerasimov, et al.
Published: (2018-10-01)

Survey on static program analysis results refinement approaches
by: A. Y. Gerasimov
Published: (2018-10-01)

Supporting Java programming in the Svace static analyzer
by: A. P. Merkulov, et al.
Published: (2018-10-01)

A static analysis tool Svace as a collection of analyzers with various complexity levels
by: A. . Borodin, et al.
Published: (2018-10-01)

An approach to the C string analysis for buffer overflow detection
by: I. A. Dudina, et al.
Published: (2018-12-01)

Methods and software tools for combined binary code analysis
by: V. A. Padaryan, et al.
Published: (2018-10-01)

Approach to detecting types inconsistency errors in a program code in dynamic languages
by: I. E. Bronshteyn
Published: (2018-10-01)

The Use of Dependencies for Improving the Precision of Program Static Analysis
by: M. I. Glukhikh, et al.
Published: (2011-12-01)

Исследование уровня социально-экономического развития регионов Российской Федерации методами многомерного анализа данных
by: Алексей Юрьевич Юдинцев, et al.
Published: (2023-03-01)

Using different views java-programs for static analysis
by: E. A. Karpulevitch
Published: (2018-10-01)

Analyzing C/C++ code entities and relations for program understanding
by: A. . Belevantsev, et al.
Published: (2018-10-01)

On Some Limitations of Information Flow Tracking in Full-system Emulators
by: M. A. Klimushenkova, et al.
Published: (2018-10-01)

A Translator with a Security Static Analysis Feature of an Information Flow for a Simple Programming Language
by: E. Ju. Antoshina, et al.
Published: (2014-08-01)

Application of applied statistical methods in the study of the labor market of IT-specialist
by: V. A. Livinskaya, et al.
Published: (2022-06-01)

GENERALIZED INVERSE INTERVAL METHOD OF GLOBAL CONSTRAINED OPTIMIZATION
by: A. V. Panteleyev, et al.
Published: (2016-11-01)

Jolie Static Type Checker: a Prototype
by: Daniel de Carvalho, et al.
Published: (2017-12-01)

Type inference for Python programming language
by: I. E. Bronshteyn
Published: (2018-10-01)

A WEB-APPLICATION QUALITY EVALUATION METHOD BASED ON VULNERABILITY DETECTION
by: D. E. Onoshko, et al.
Published: (2018-05-01)

THE TECHNIQUE OF ANALYSIS OF SOFTWARE OF ON-BOARD COMPUTERS OF AIR VESSEL TO ABSENCE OF UNDECLARED CAPABILITIES BY SIGNATURE-HEURISTIC WAY
by: V. I. Petrov
Published: (2017-03-01)

The Construction of an Universal Linearized Control Flow Graph for Static Code Analysis of Algorithms
by: V. A. Bitner, et al.
Published: (2013-04-01)

The Construction of an Universal Linearized Control Flow Graph for Static Code Analysis of Algorithms
by: V. A. Bitner, et al.
Published: (2013-01-01)

A static approach to estimation of execution time of components in AADL models
by: A. M. Troitskiy, et al.
Published: (2018-10-01)

Static Verification Tools for C Programs and Linux Device Drivers: A Survey
by: M. U. Mandrykin, et al.
Published: (2018-10-01)

Dynamic program analysis for error detection using goal-seeking input data generation
by: S. P. Vartanov, et al.
Published: (2018-10-01)

Fast and Safe Concrete Code Execution for Reinforcing Static Analysis and Verification
by: M. Belyaev, et al.
Published: (2015-12-01)

Statically detecting buffer overflows in C/C++
by: I. . Dudina, et al.
Published: (2018-10-01)

Refactoring on the whole project
by: S. V. Syromyatnikov, et al.
Published: (2018-10-01)

Adjustable method with predicate abstraction for detection of race conditions in operating systems
by: P. S. Andrianov, et al.
Published: (2018-10-01)