Authors: George Stergiopoulos (1); Panagiotis Petsanas (1); Panagiotis Katsaros (2) and Dimitris Gritzalis (1)
Affiliations: (1) Athens University of Economics & Business (AUEB), Greece; (2) Aristotle University of Thessaloniki, Greece
Keyword(s): Code Exploits, Software Vulnerabilities, Source Code Classification, Fuzzy Logic, Tainted Object Propagation.
Related Ontology Subjects/Areas/Topics: Information and Systems Security; Secure Software Development Methodologies; Security Engineering; Security in Information Systems; Software Security
Abstract:
Recent advances in static and dynamic program analysis have resulted in tools capable of detecting various types of security bugs in the Applications under Test (AUT). However, any such analysis is designed for a priori specified types of bugs, and it is characterized by some rate of false positives or even false negatives and by certain scalability limitations. We present a new analysis and source code classification technique, and a prototype tool, aimed at aiding code reviews in the detection of general information-flow-dependent bugs. Our approach is based on classifying the criticality of likely exploits in the source code using two measuring functions, namely Severity and Vulnerability. For an AUT, we analyse every single pair of input vector and program sink in an execution path, which we call an Information Block (IB). A classification technique is introduced for quantifying the Severity (danger level) of an IB by static analysis and computation of its Entropy Loss. An IB's Vulnerability is quantified using a tainted object propagation analysis along with a Fuzzy Logic system. Possible exploits are then characterized with respect to their Risk by combining the computed Severity and Vulnerability measurements through an aggregation operation over two fuzzy sets. An IB is characterized as high risk when both its Severity and Vulnerability rankings have been found to be above the low zone. In this case, a detected code exploit is reported by our prototype tool, called Entroine. The effectiveness of the approach has been tested by analysing 45 Java programs of NIST's Juliet Test Suite, which implement 3 different common weakness exploits. All existing code exploits were detected without any false positives.
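As an added illustration of the classification pipeline the abstract outlines, the following Python sketch (written for this page, not the paper's Entroine code) models an Information Block as an (input vector, sink) pair with the operations on its execution path, scores Severity from an assumed entropy-loss metric, scores Vulnerability by tainted object propagation, ranks each score against assumed triangular fuzzy sets, aggregates the two rankings with a min t-norm, and reports an IB only when both rankings lie above the low zone. The per-operation entropy losses and taint factors, the sink weights, the fuzzy sets and the sample blocks are all constructed for this example; the paper's actual definitions are not on this page.

```python
"""Toy re-creation of the Severity / Vulnerability / Risk classification the
abstract describes. Every numeric definition below (entropy loss per operation,
sink weights, taint factors, the triangular fuzzy sets and the min-aggregation)
is an assumption made for this example, not the paper's own metric."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple


@dataclass(frozen=True)
class Op:
    """One operation on the execution path between input vector and sink.
    taint_factor: share of taint surviving the op (1.0 passes it through,
    0.0 is a full sanitiser). entropy_loss: bits of input entropy the op
    removes before data reaches the sink. Both are constructed values."""
    name: str
    taint_factor: float
    entropy_loss: float


@dataclass(frozen=True)
class InformationBlock:
    """An (input vector, sink) pair on one execution path, i.e. an IB."""
    source: str
    sink: str
    sink_weight: float      # assumed danger of the sink type, in [0, 1]
    input_entropy: float    # assumed entropy of the input vector, in bits
    path: Tuple[Op, ...]


def severity(ib: InformationBlock) -> float:
    """Assumed Severity: the fraction of input entropy that still reaches the
    sink (little entropy loss = the input keeps its influence) scaled by the
    sink's weight."""
    lost = min(ib.input_entropy, sum(op.entropy_loss for op in ib.path))
    retained = (ib.input_entropy - lost) / ib.input_entropy
    return retained * ib.sink_weight


def vulnerability(ib: InformationBlock) -> float:
    """Tainted object propagation: taint starts at 1.0 on the input vector and
    every op on the path multiplies it by its taint factor."""
    taint = 1.0
    for op in ib.path:
        taint *= op.taint_factor
    return taint


def _tri(x: float, a: float, b: float, c: float) -> float:
    """Triangular membership function peaking at b, zero outside (a, c)."""
    if x <= a or x >= c:
        return 0.0
    return (x - a) / (b - a) if x <= b else (c - x) / (c - b)


# Assumed fuzzy sets over the [0, 1] score range.
FUZZY: Dict[str, Callable[[float], float]] = {
    "low": lambda x: _tri(x, -0.5, 0.0, 0.5),
    "medium": lambda x: _tri(x, 0.25, 0.5, 0.75),
    "high": lambda x: _tri(x, 0.5, 1.0, 1.5),
}
ORDER = ("low", "medium", "high")


def rank(score: float) -> str:
    """Linguistic ranking: the fuzzy set in which the score has top membership."""
    return max(FUZZY, key=lambda label: FUZZY[label](score))


def risk(ib: InformationBlock) -> Tuple[str, str, str]:
    """Returns (Severity rank, Vulnerability rank, Risk rank). Risk is the fuzzy
    intersection of the two rankings under the min t-norm; if the two scores
    fall into disjoint sets, the weaker ranking is taken (assumed rule)."""
    sev, vul = severity(ib), vulnerability(ib)
    sev_rank, vul_rank = rank(sev), rank(vul)
    agg = {label: min(FUZZY[label](sev), FUZZY[label](vul)) for label in FUZZY}
    if max(agg.values()) > 0.0:
        risk_rank = max(agg, key=agg.get)
    else:
        risk_rank = min(sev_rank, vul_rank, key=ORDER.index)
    return sev_rank, vul_rank, risk_rank


def report(blocks: List[InformationBlock]) -> List[Tuple[str, str, str, str]]:
    """Reporting rule from the abstract: an IB is flagged when both its
    Severity and Vulnerability rankings lie above the low zone."""
    flagged = []
    for ib in blocks:
        sev_rank, vul_rank, risk_rank = risk(ib)
        if sev_rank != "low" and vul_rank != "low":
            flagged.append((f"{ib.source} -> {ib.sink}", sev_rank, vul_rank, risk_rank))
    return flagged


# Constructed sample operations and Information Blocks (not from the paper).
CONCAT = Op("string concat", taint_factor=1.0, entropy_loss=0.0)
PARSE_INT = Op("Integer.parseInt", taint_factor=0.0, entropy_loss=56.0)
LENGTH_CHECK = Op("length <= 64 check", taint_factor=1.0, entropy_loss=2.0)
HTML_ESCAPE = Op("partial HTML escape", taint_factor=0.5, entropy_loss=8.0)

SAMPLE_BLOCKS = [
    InformationBlock("HTTP parameter 'cmd'", "Runtime.exec", 1.0, 64.0, (CONCAT,)),
    InformationBlock("HTTP parameter 'id'", "SQL query", 0.9, 64.0, (PARSE_INT,)),
    InformationBlock("HTTP parameter 'name'", "log file write", 0.3, 64.0, (LENGTH_CHECK,)),
    InformationBlock("HTTP parameter 'comment'", "HTML response", 0.8, 64.0, (HTML_ESCAPE,)),
]

if __name__ == "__main__":
    for entry in report(SAMPLE_BLOCKS):
        print(entry)
```

Running the block flags only the first and fourth blocks: the unsanitised path into `Runtime.exec` ranks high on both functions and therefore high on Risk, while the partially escaped HTML path ranks high on Severity but only medium on Vulnerability, so the min-aggregation places its Risk in the medium set. The integer-parsed SQL path and the length-checked log write each fall into the low zone on at least one function and are not reported, which is the gating rule the abstract states.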