Vulnerability assessment of source code analysis tools for memory corruption vulnerabilities: a comparative study
2021 (English)
Independent thesis Basic level (degree of Bachelor), 10 credits / 15 HE credits
Student thesis
Abstract [en]

Background.

One of the main reasons for memory corruption vulnerabilities lies in the lack of built-in safety measures in the C/C++ programming languages, which are often used to develop performance-critical software. Static source code analysis tools review static (not running) source code, usually by identifying sources of user input and performing data flow analysis, in order to highlight potential security issues.

Objectives.

In this thesis we will also try to figure out which types of vulnerabilities related to memory corruption could be discovered by these kinds of tools, as well as which types appear to be difficult to discover using this approach. We will also investigate some suggestions for improvements.

Methods.

A comparison of the results of source code analysis tools written in C/C++ will be carried out for this thesis. The information needed in order to select the appropriate tools and test data will be derived from:

1. Detection of the core reasons for each vulnerability.

2. Enumeration and separation of vulnerability cases.

Results/conclusion.

All of the tools were able to find fewer than half of the buffer overflow vulnerabilities that existed in the data set, and none of the tools were able to find any vulnerabilities related to integer overflow or use after free. The reason for this could very well be the tools' limitations in their ability to find vulnerabilities caused by the absence of correct processing.

Keywords: Vulnerabilities, Memory corruption, buffer overflow, integer overflow, use after free, double free

Place, publisher, year, edition, pages
2021.
National Category
Computer Sciences
Identifiers
URN: urn:nbn:se:bth-21736
OAI: oai:DiVA.org:bth-21736
DiVA, id: diva2:1570405
Subject / course
DV1478 Bachelor Thesis in Computer Science
Educational program
DVGIS Security Engineering
Supervisors
Examiners
Available from: 2021-06-22 Created: 2021-06-21 Last updated: 2021-06-22 Bibliographically approved

Open Access in DiVA

fulltext (522 kB), 527 downloads
File information
File name: FULLTEXT02.pdf
File size: 522 kB
Checksum SHA-512:
639d06abbbc9271f409f128e3d5ad7dfe97e76aae373a9291b0e9cb52e4bc04b0c6247aab89bcef45518730478cc0a4fe483f3162b716601c2cd94c2c7977c95
Type: fulltext
Mimetype: application/pdf
