Abstract
Security of modern information and communication systems has become a major concern. This tool paper presents Flinder-SCA, an original combined tool for vulnerability detection, implemented on top of Frama-C, a platform for collaborative verification of C programs, and Search Lab’s Flinder testing tool. Flinder-SCA includes three steps. First, abstract interpretation and taint analysis are used to detect potential vulnerabilities (alarms), then program slicing is applied to reduce the initial program, and finally a testing step tries to confirm detected alarms by fuzzing on the reduced program. We describe the proposed approach and the tool, illustrate its application for the recent OpenSSL/HeartBeat Heartbleed vulnerability, and discuss the benefits and industrial application perspectives of the proposed verification approach.
This work has been partially funded by the EU FP7 project STANCE (grant 317753).
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
- 2.
- 3.
- 4.
- 5.
For convenience of the reader, taint analysis results are illustrated in Sect. 7.1.
- 6.
For convenience of the reader, fuzzing results are illustrated in Sect. 7.2.
- 7.
as reported by Andrew Hintz, Google vulnerability analyst, see https://news.ycombinator.com/item?id=7558015.
References
CWE-126: Buffer Over-read. http://cwe.mitre.org/data/definitions/126.html
Carvalho, M., DeMott, J., Ford, R., Wheeler, D.A.: Heartbleed 101. IEEE Secur. Priv. 12(4), 63–67 (2014)
Chebaro, O., Cuoq, P., Kosmatov, N., Marre, B., Pacalet, A., Williams, N., Yakobowski, B.: Behind the scenes in SANTE: a combination of static and dynamic analyses. Autom. Softw. Eng. 21(1), 107–143 (2014)
Common Vulnerabilities and Exposures. https://cve.mitre.org
Denning, D.E.: A lattice model for secure information flow. Commun. ACM 19, 236–243 (1976)
CVE-2014-0160. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
Kirchner, F., Kosmatov, N., Prevosto, V., Signoles, J., Yakobowski, B.: Frama-C: a software analysis perspective. Formal Asp. Comput. 27(3), 573–609 (2015)
Kupsch, J.A., Miller, B.P.: Why do software assurance tools have problems finding bugs like Heartbleed? Continuous Software Assurance Marketplace, April 2014
Nethercote, N., Seward, J.: Valgrind: a framework for heavyweight dynamic binary instrumentation. In: PLDI (2007)
Search Lab: Flinder security testing platform. http://www.flinder.hu
Tip, F.: A survey of program slicing techniques. J. Prog. Lang. 3(3), 121–189 (1995)
Weiser, M.: Program slicing. In: ICSE 1981, pp. 439–449 (1981)
Acknowledgment
We thank the Frama-C team for providing the tools and support, and the anonymous referees for many helpful comments.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Kiss, B., Kosmatov, N., Pariente, D., Puccetti, A. (2015). Combining Static and Dynamic Analyses for Vulnerability Detection: Illustration on Heartbleed. In: Piterman, N. (eds) Hardware and Software: Verification and Testing. HVC 2015. Lecture Notes in Computer Science(), vol 9434. Springer, Cham. https://doi.org/10.1007/978-3-319-26287-1_3
Download citation
DOI: https://doi.org/10.1007/978-3-319-26287-1_3
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-26286-4
Online ISBN: 978-3-319-26287-1
eBook Packages: Computer ScienceComputer Science (R0)