User-Input Dependence Analysis via Graph Reachability
by Bernhard Scholz, Chenyi Zhang, and Cristina Cifuentes
April 22, 2008 - Systems software with security vulnerabilities (software bugs) exposes both individual and enterprise systems to a high risk of exploitation, as the vulnerabilities can be exploited by malicious input to gain control over a system. Worms that exploit security vulnerabilities in software, including the Microsoft SQL Server Slammer worm and the Sun Telnet worm, can compromise hundreds of thousands of computers on the Internet within minutes, causing millions of dollars in damage. Manual code inspection is the current industry practice for finding security vulnerabilities in code. These inspections are time-consuming, repetitive and tedious. In recent years, bug checking tools that use static program analysis have been developed to check source code and automatically find bugs in software. However, to classify bugs as potential security vulnerabilities, a bug checking tool needs to test whether a detected bug is dependent on user input. The program analysis reported in this technical report is a pre-processing step of a bug checking tool for finding program statements that can be controlled by an attacker. We describe a linear-time algorithm to find statements that expose security vulnerabilities in a program, and report on results for array accesses, as buffer overflows are the most common type of security vulnerability being exploited these days in systems code.
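The idea of user-input dependence as graph reachability can be sketched as follows. This is an added illustration, not the algorithm from the technical report: the statement-level dependence graph, the sample program, and all names (`STATEMENTS`, `DEPENDS`, `input_dependent`, `flagged_array_accesses`) are assumptions constructed for this example.

```python
from collections import deque

# Constructed sample program (hypothetical), one node per statement.
STATEMENTS = {
    "s1": "n = read_int()",   # user-input source
    "s2": "k = 3",            # constant, not attacker controlled
    "s3": "i = n * 2",
    "s4": "j = k + 1",
    "s5": "if (i < limit)",
    "s6": "table[i] = 0",     # array access
    "s7": "fixed[j] = 7",     # array access
}

# Edge u -> v means statement v is data- or control-dependent on u.
DEPENDS = {
    "s1": ["s3"],
    "s2": ["s4"],
    "s3": ["s5", "s6"],
    "s4": ["s7"],
    "s5": ["s6"],             # s6 executes under the branch at s5
}

SOURCES = {"s1"}              # statements that read user input
ARRAY_ACCESSES = {"s6", "s7"}


def input_dependent(edges, sources):
    """Return every statement reachable from a user-input source.

    Breadth-first search visits each node and edge at most once, so the
    cost is linear in the size of the dependence graph.
    """
    seen = set(sources)
    queue = deque(sources)
    while queue:
        node = queue.popleft()
        for succ in edges.get(node, []):
            if succ not in seen:
                seen.add(succ)
                queue.append(succ)
    return seen


def flagged_array_accesses(edges, sources, accesses):
    """Array accesses a bug checker should treat as attacker influenced."""
    return sorted(accesses & input_dependent(edges, sources))


if __name__ == "__main__":
    for sid in flagged_array_accesses(DEPENDS, SOURCES, ARRAY_ACCESSES):
        print(sid, STATEMENTS[sid])
```

Only `table[i]` is reported; `fixed[j]` is indexed by a value derived from a constant, so a bug found there would not be classified as input dependent.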