Eliminating Redundant Alarms of Buffer Overflow Analysis Using Context Refinements

Removing Duplicate Alarms in Buffer Overflow Analysis Using an Analysis Context Adjustment Technique

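  • 김유일 (Department of Computer Engineering, Seoul National University)
  • 한환수 (School of Information and Communication Engineering, Sungkyunkwan University)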
  • Received : 2010.07.27
  • Accepted : 2010.09.27
  • Published : 2010.12.15

Abstract

To reduce the effort of inspecting the alarms reported by a static buffer overflow analyzer, we present an effective method to filter out redundant alarms. In static analysis, a sequence of multiple alarms is frequently found due to the same cause in the code. In such a case, it is sufficient and reasonable for programmers to examine the first alarm instead of all the alarms in the same sequence. Based on this observation, we devise a buffer overflow analysis that filters out redundant alarms with our context refinement technique. Our experiment with several open source programs shows that our method reduces the reported alarms by 23% on average.

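For static analysis tools that detect buffer overflow vulnerabilities, we propose a method that removes duplicate alarm messages arising from the same cause by adjusting the analysis context. When multiple alarm messages are produced by the same cause, examining only the first alarm message is enough to judge the remaining ones, so it is preferable to show the user only the first alarm message. The proposed analysis context adjustment technique can be easily applied to existing static analysis tools, and in experiments with open source software it removed 23% of the alarm messages on average.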
