We found a match
Your institution may have access to this item. Find your institution then sign in to continue.
- Title
Toward Pointer-Analysis-Based Vulnerability Discovery in Human–Machine Pair Programming.
- Authors
Wang, Pingyan; Liu, Shaoying
- Abstract
Pointer analysis is the underlying technique of many static analysis tools for vulnerability discovery. It has proved to be effective in identifying a variety of vulnerabilities, such as buffer overflow vulnerabilities and injection vulnerabilities. However, most existing pointer analysis approaches require whole-program availability, i.e. the program to be analyzed should be complete, which may hinder a timely analysis during the coding phase. In this paper, we present two approaches, exhaustive and demand-driven pointer analyses, both of which are applied to a paradigm known as Human–Machine Pair Programming. The ideas enable us to discover security flaws as early as in the coding phase. In this paper, we describe in detail how our approaches maintain flow sensitivity and propagate points-to and taint information in an incremental fashion. We conduct an evaluation of our approaches on SecuriBench Micro and show that the approaches can capture all the potential vulnerabilities in the test cases, though several false alarms are reported.
- Subjects
PHASE coding; FALSE alarms
- Publication
International Journal of Software Engineering & Knowledge Engineering, 2024, Vol 34, Issue 5, p751
- ISSN
0218-1940
- Publication type
Article
- DOI
10.1142/S0218194024500013