Security of modern information and communication systems has become a major concern. This tool paper presents Flinder-SCA, an original combined tool for vulnerability detection, implemented on top of Frama-C, a platform for collaborative verification of C programs, and Search Lab’s Flinder testing tool. Flinder-SCA includes three steps. First, abstract interpretation and taint analysis are used to detect potential vulnerabilities (alarms), then program slicing is applied to reduce the initial program, and finally a testing step tries to confirm detected alarms by fuzzing on the reduced program. We describe the proposed approach and the tool, illustrate its application for the recent OpenSSL/HeartBeat Heartbleed vulnerability, and discuss the benefits and industrial application perspectives of the proposed verification approach.
CITATION STYLE
Kiss, B., Kosmatov, N., Pariente, D., & Puccetti, A. (2015). Combining static and dynamic analyses for vulnerability detection: Illustration on heartbleed. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 9434, pp. 39–50). Springer Verlag. https://doi.org/10.1007/978-3-319-26287-1_3
Mendeley helps you to discover research relevant for your work.