Context-sensitive Detection of Information Exposure Bugs with Symbolic Execution

Authors: Paul Muntean, Claudia Eckert, and Andreas Ibing
Year/month: 2014/11
Booktitle: International Workshop on Innovative Software Development Methodologies and Practices (InnoSWDev), Hong Kong, China
Publisher: ACM
Fulltext: InnoSWDev_14_Context-Sensitive_Detection_of_Information_Exposure_Bugs_with_Symbolic_Execution.pdf

Abstract

Static analysis tools used for detecting information exposure bugs can help software engineers detect bugs without introducing run-time overhead. Such tools can make the detection of information-flow bugs faster and cheaper without having to provide user input in order to trigger the bug detection. In this paper we present a bug-detection tool for detecting information exposure bugs in C/C++ programs. Our tool is context-sensitive and uses static code analysis for bug detection. We developed our bug-finding tool as an Eclipse plugin in order to easily integrate it into software development workflows. The bug reports provide user-friendly visualizations that can be easily traced back to the location where the bug was detected. We discuss one static analysis approach for detecting information exposure bugs and briefly relate the usability of our bug testing tool to empirical research. We conducted an empirical evaluation based on 90 test programs which were selected from the Juliet test suite for C/C++ code. We reached a true-positive coverage of 94.4% in 121 seconds for 90 test programs having a total of 12016 source code lines.

Bibtex:

@conference { 340,
author = { Paul Muntean and Claudia Eckert and Andreas Ibing },
title = { Context-sensitive Detection of Information Exposure Bugs with Symbolic Execution },
year = { 2014 },
month = { November },
booktitle = { International Workshop on Innovative Software Development Methodologies and Practices (InnoSWDev), Hong Kong, China },
publisher = { ACM },
url = {https://www.sec.in.tum.de/i20/publications/context-sensitive-detection-of-information-exposure-bugs-with-symbolic-execution/@@download/file/InnoSWDev_14_Context-Sensitive_Detection_of_Information_Exposure_Bugs_with_Symbolic_Execution.pdf}
}