Abstract
We present a tool for detecting a new type of bad smell in software code and describe how it was used to find critical security bugs, some of which exist in Linux code for many years and are still present in current distributions. Our tool applies state-of-the-art formal methods and static analysis techniques to scan the execution paths of programs. In this scan, the tool detects conditions that may lead to calling certain functions with strange combinations of arguments, called Abnormal Argument Case (AAC) in this paper. These conditions are presented to the developers as they often point at potential bugs and security vulnerabilities. The paper explains how the tool works and describes an empirical evaluation of its performance.
| Original language | English |
|---|---|
| Pages | 71-85 |
| Number of pages | 15 |
| DOIs | |
| State | Published - 2021 |
| Event | 5th International Symposium on Cyber Security Cryptography and Machine Learning, CSCML 2021 - Be'er Sheva, Israel Duration: 8 Jul 2021 → 9 Jul 2021 |
Conference
| Conference | 5th International Symposium on Cyber Security Cryptography and Machine Learning, CSCML 2021 |
|---|---|
| Country/Territory | Israel |
| City | Be'er Sheva |
| Period | 8/07/21 → 9/07/21 |