Inferring API correct usage rules: A tree-based approach
Zolfaghari, M ; Sharif University of Technology | 2019
- Type of Document: Article
- DOI: 10.1109/ISCISC48546.2019.8985157
- Publisher: Institute of Electrical and Electronics Engineers Inc., 2019
- Abstract:
- The lack of knowledge about API correct usage rules is one of the main reasons that APIs are employed incorrectly by programmers, which in some cases leads to serious security vulnerabilities. However, finding a correct usage rule for an API is a time-consuming and error-prone task, particularly in the absence of API documentation. Existing approaches to extract correct usage rules are mostly based on majority API usages, assuming the correct usage is prevalent. Although statistically extracting API correct usage rules achieves reasonable accuracy, it cannot work correctly in the absence of a fair amount of sample usages. We propose inferring API correct usage rules independent of the number of sample usages by leveraging an API tree structure. In an API tree, each node is an API, and each node's children are APIs called by the parent API. Starting from lower-level APIs, it is possible to infer the correct usage rules for them by utilizing the available correct usage rules of their children. We developed a tool based on our idea for inferring API correct usage rules hierarchically, and have applied it to the source code of Linux kernel v4.3 drivers and found 24 previously reported bugs. © 2019 IEEE
- Keywords:
- API Correct Usage Rule ; Software Vulnerability ; Application programming interfaces (API) ; Computer operating systems ; Cryptography ; Program debugging ; Security of data ; Trees (mathematics) ; API Misuse ; Error prone tasks ; Number of samples ; Reasonable accuracy ; Security vulnerabilities ; Software vulnerabilities ; Tree-based approach ; Chromium compounds
- Source: 16th International ISC (Iranian Society of Cryptology) Conference on Information Security and Cryptology, ISCISC 2019, 28 August 2019 through 29 August 2019; 2019, Pages 78-84; 9781728143736 (ISBN)
- URL: https://ieeexplore.ieee.org/document/8985157