Identifying Security Relevant Warnings from Static Code Analysis Tools through Code Tainting

Document type: Conference Papers
Peer reviewed: Yes
Author(s): Dejan Baca
Title: Identifying Security Relevant Warnings from Static Code Analysis Tools through Code Tainting
Conference name: 5th International Conference on Availability, Reliability and Security
Year: 2010
Pagination: 386-390
ISBN: 978-1-4244-5879-0
Publisher: IEEE
City: Cracow
ISI number: 000283706400056
Organization: Blekinge Institute of Technology
Department: School of Computing (Sektionen för datavetenskap och kommunikation)
School of Computing S-371 79 Karlskrona
+46 455 38 50 00
Language: English
Abstract: Static code analysis tools are often used by developers as early vulnerability detectors. Due to their automation they are less time-consuming and error-prone then manual reviews. However, they produce large quantities of warnings that developers have to manually examine and understand. In this paper, we look at a solution that makes static code analysis tools more useful as an early vulnerability detector. We use flow-sensitive, interprocedural and context-sensitive data flow analysis to determine the point of user input and its migration through the source code to the actual exploit. By determining a vulnerabilities point of entry we lower the number of warnings a tool produces and we provide the developer with more information why this warning could be a real security threat.

We use our approach in three different ways depending on what tool we examined. First,With the commercial static code analysis tool, Coverity, we reanalyze its results and create a set of warnings that are specifically relevant from a security perspective. Secondly, we altered the open source analysis tool Findbugs to only analyze code that has been tainted by user input. Third, we created an own analysis tool that focuses on XSS vulnerabilities in Java code.
Subject: Computer Science\Electronic security
Keywords: component, formatting, style, styling