Loading...
| Friend's email | |
| Your name | |
| Your email | |
| enter code | |
This page was sent successfuly
- Type of Document: M.Sc. Thesis
- Language: Farsi
- Document No: 51360 (19)
- University: Sharif University of Technology
- Department: Computer Engineering
- Advisor(s): Kharrazi, Mehdi
- Abstract:
- Researchers show that one of the critical sources of bugs is API incorrect usage which in some cases can cause serious security vulnerabilities. The lack of knowledge about API correct usage rules is one of the main reasons that APIs are employed incorrectly by programmers, however, nding a correct usage rule for an API is time-consuming and error-prone particularly without having access to API documentation in most cases. Existing approaches to automatically extract correct usage rules, consider the majority usages as the correct rule for an API. Although statistically extracting API correct usage rules can achieve reasonable accuracy, it cannot work correctly in the absence of fair amount of sample usages. Therefore there is need to introduce a method that can automatically extract correct usage rule independent of the number of sample usages. For this purpose, we propose arranging APIs in a tree, where a node is an API, and each node’s children are APIs called in the source code of the parent’s node. Leveraging this API tree, we can start from lower-level APIs and infer the correct usage rules for them by using the available correct usage rules of the APIs it calls and traverse the tree to higher-level APIs. Also we developed a tool based on our idea for inferring API correct usages rules hierarchically. To show the usefulness of our proposed method and evaluate it, we applied our tool on Linux kernel and found 24 vulnerabilities using the generated rules. It shows that our proposed approach can help developers to use APIs correctly and avoid software vulnerabilities
- Keywords:
- Vulnerability Analysis ; Application Vulnerability ; API Incorrect Use ; API Correct Usage Rule
Digital Object List
-
محتواي کتاب
- view
Bookmark