Identifying Security Relevant Warnings from Static Code Analysis Tools through Code Tainting
|Document type:||Conference Papers|
|Title:||Identifying Security Relevant Warnings from Static Code Analysis Tools through Code Tainting|
|Conference name:||5th International Conference on Availability, Reliability and Security|
|Organization:||Blekinge Institute of Technology|
|Department:||School of Computing (Sektionen för datavetenskap och kommunikation)
School of Computing S-371 79 Karlskrona
+46 455 38 50 00
|Abstract:||Static code analysis tools are often used by developers as early vulnerability detectors. Due to their automation they are less time-consuming and error-prone then manual reviews. However, they produce large quantities of warnings that developers have to manually examine and understand. In this paper, we look at a solution that makes static code analysis tools more useful as an early vulnerability detector. We use flow-sensitive, interprocedural and context-sensitive data flow analysis to determine the point of user input and its migration through the source code to the actual exploit. By determining a vulnerabilities point of entry we lower the number of warnings a tool produces and we provide the developer with more information why this warning could be a real security threat.
We use our approach in three different ways depending on what tool we examined. First,With the commercial static code analysis tool, Coverity, we reanalyze its results and create a set of warnings that are specifically relevant from a security perspective. Secondly, we altered the open source analysis tool Findbugs to only analyze code that has been tainted by user input. Third, we created an own analysis tool that focuses on XSS vulnerabilities in Java code.
|Subject:||Computer Science\Electronic security|
|Keywords:||component, formatting, style, styling|