- Type of Document: M.Sc. Thesis
- Language: Farsi
- Document No: 54690 (19)
- University: Sharif University of Technology
- Department: Computer Engineering
- Advisor(s): Kharrazi, Mehdi
- Abstract:
- Today, many vulnerabilities are discovered by researchers who analyze software. Some researchers study these discovered vulnerabilities to find new ones that are similar to them. To do so, they first characterize each previously discovered vulnerability and extract the vulnerable context of the program, then search for new vulnerabilities based on that characterization. Some vulnerabilities arise from developer mistakes in the implementation phase. Software developers use various function calls to achieve the program's goal, and incorrect invocation of functions can lead to critical vulnerabilities. Our investigation shows that the root cause of some vulnerabilities is an incorrect function call site, and that previous similarity-based approaches to vulnerability discovery do not focus on this type of vulnerability. In this research, we characterize vulnerabilities that arise from incorrect function calls. We propose a method that analyzes the functions related to the target vulnerability and characterizes the incorrect usage of the target function. To evaluate the extracted vulnerability characterization, we search the program based on it and discover similar vulnerabilities. We analyzed the vulnerabilities in 7 open-source projects and reported 25 cases to the developers. Four CVE IDs were assigned to our reports on the analyzed projects.
- Keywords:
- Software Vulnerabilities Analysis ; Function Return Value ; Vulnerabilities Characterization ; Functions Misuse ; Application Analysis ; Application Vulnerability