软件在编译时的可扩展安全性验证

2014 IEEE 14th International Working Conference on Source Code Analysis and Manipulation Pub Date : 2014-09-28 DOI:10.1109/SCAM.2014.20

Syrine Tlili, José M. Fernandez, A. Belghith, Bilel Dridi, Soufien Hidouri

{"title":"软件在编译时的可扩展安全性验证","authors":"Syrine Tlili, José M. Fernandez, A. Belghith, Bilel Dridi, Soufien Hidouri","doi":"10.1109/SCAM.2014.20","DOIUrl":null,"url":null,"abstract":"Automated verification tools are required to detect coding errors that may lead to severe software vulnerabilities. However, the usage of these tools is still not well integrated into software development life cycle. In this paper, we present our approach that brings the software compilation process and security verification to a meeting point where both can be applied simultaneously in a user-friendly manner. Our security verification engine is implemented as a new GCC pass that can be enabled via flag-fsecurity-check=checks.xml where the input XML file contains a set of user-defined security checks. The verification operates on the GIMPLE intermediate representation of source code that is language and platform independent. The conducted experiments demonstrate the scalability, efficiency and performance of our engine used to verify large scale software, especially the entire Linux kernel source code.","PeriodicalId":407060,"journal":{"name":"2014 IEEE 14th International Working Conference on Source Code Analysis and Manipulation","volume":"26 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-09-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Scalable Security Verification of Software at Compile Time\",\"authors\":\"Syrine Tlili, José M. Fernandez, A. Belghith, Bilel Dridi, Soufien Hidouri\",\"doi\":\"10.1109/SCAM.2014.20\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Automated verification tools are required to detect coding errors that may lead to severe software vulnerabilities. However, the usage of these tools is still not well integrated into software development life cycle. In this paper, we present our approach that brings the software compilation process and security verification to a meeting point where both can be applied simultaneously in a user-friendly manner. Our security verification engine is implemented as a new GCC pass that can be enabled via flag-fsecurity-check=checks.xml where the input XML file contains a set of user-defined security checks. The verification operates on the GIMPLE intermediate representation of source code that is language and platform independent. The conducted experiments demonstrate the scalability, efficiency and performance of our engine used to verify large scale software, especially the entire Linux kernel source code.\",\"PeriodicalId\":407060,\"journal\":{\"name\":\"2014 IEEE 14th International Working Conference on Source Code Analysis and Manipulation\",\"volume\":\"26 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2014-09-28\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2014 IEEE 14th International Working Conference on Source Code Analysis and Manipulation\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/SCAM.2014.20\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2014 IEEE 14th International Working Conference on Source Code Analysis and Manipulation","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SCAM.2014.20","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

摘要

需要自动验证工具来检测可能导致严重软件漏洞的编码错误。然而，这些工具的使用仍然没有很好地集成到软件开发生命周期中。在本文中，我们提出了将软件编译过程和安全性验证带到一个交汇点的方法，在这个交汇点上，两者可以以一种用户友好的方式同时应用。我们的安全验证引擎是作为一个新的GCC通道实现的，它可以通过flag-fsecurity-check=checks. XML启用，其中输入的XML文件包含一组用户定义的安全检查。验证操作于独立于语言和平台的源代码的GIMPLE中间表示。实验证明了我们的引擎用于验证大型软件，特别是整个Linux内核源代码的可扩展性，效率和性能。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Scalable Security Verification of Software at Compile Time

Automated verification tools are required to detect coding errors that may lead to severe software vulnerabilities. However, the usage of these tools is still not well integrated into software development life cycle. In this paper, we present our approach that brings the software compilation process and security verification to a meeting point where both can be applied simultaneously in a user-friendly manner. Our security verification engine is implemented as a new GCC pass that can be enabled via flag-fsecurity-check=checks.xml where the input XML file contains a set of user-defined security checks. The verification operates on the GIMPLE intermediate representation of source code that is language and platform independent. The conducted experiments demonstrate the scalability, efficiency and performance of our engine used to verify large scale software, especially the entire Linux kernel source code.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2014 IEEE 14th International Working Conference on Source Code Analysis and Manipulation

自引率

0.00%

发文量