Using testing techniques for vulnerability detection in C programs

Abstract : This paper presents a technique for vulnerability detection in C programs. It is based on a formal vulnerability model called "Vulnerability Detection Conditions" (VDCs). This model is used together with passive testing techniques for the automatic detection of vulnerabilities. The proposed technique has been implemented in a dynamic code analysis tool, TestInv-Code, which detects the presence of vulnerabilities in a given piece of code by dynamically checking the VDCs on the execution traces of the program. The tool has been applied to several C applications containing some well-known vulnerabilities to illustrate its effectiveness. It has also been compared with existing tools on the market, showing promising performance.
Document type :
Conference papers

Cited literature [21 references]

https://hal.archives-ouvertes.fr/hal-01303013
Contributor : Médiathèque Télécom Sudparis & Institut Mines-Télécom Business School
Submitted on : Friday, April 15, 2016 - 4:41:20 PM
Last modification on : Thursday, February 7, 2019 - 3:47:45 PM

File

978-3-642-24580-0_7_Chapter.pd...
Files produced by the author(s)

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Citation

Amel Mammar, Ana Rosa Cavalli, Willy Ronald Jimenez Freitez, Wissam Mallouli, Edgardo Montes de Oca. Using testing techniques for vulnerability detection in C programs. 23rd International Conference on Testing Software and Systems (ICTSS), Nov 2011, Paris, France. pp.80-96, ⟨10.1007/978-3-642-24580-0_7⟩. ⟨hal-01303013⟩
