
dc.contributor.advisor: Huang, Jeff
dc.creator: Zhao, Gang
dc.date.accessioned: 2023-02-07T16:06:53Z
dc.date.available: 2024-05-01T06:05:35Z
dc.date.created: 2022-05
dc.date.issued: 2022-04-11
dc.date.submitted: May 2022
dc.identifier.uri: https://hdl.handle.net/1969.1/197165
dc.description.abstract: Software security is a crucial factor in software development and maintenance. Static analysis approaches can help secure software in different ways. First, they can help identify vulnerabilities ahead of run time. For example, we can search for vulnerable code in the wild that is similar to buggy code in existing CVE databases, for which the program properties computed by static analysis are desirable. For more complicated bugs, such as concurrency bugs, static analyses can infer more complex program properties, including the relation between pointers in the program (i.e., alias analysis) and the partial order between statements (e.g., the happens-before relation), and thus detect potential vulnerabilities. Second, static analyses can compute program properties (e.g., data flow, control flow) that we can check at runtime to achieve specific security goals (e.g., no control-flow hijacking). In this dissertation, we present three approaches to computing static program properties, combined with other methods, that improve the state of the art for securing real-world software at compile time and runtime. First, for the core of searching for vulnerable code, measuring code similarity, we present a new approach that combines static program properties, data flow and control flow, with a deep learning method. This addresses two limitations of existing techniques: scalability and imprecision. With deep neural networks, classification is efficient on modern GPUs, while data flow and control flow only need to be computed once for each piece of code. By leveraging the information in the encoded data flow and control flow and in the training datasets, the deep neural network model can learn a good metric for measuring similarity between pieces of code. Second, we present a new approach for detecting atomicity violations in Rust programs, a kind of semantic bug and one of the main sources of Rust concurrency issues. We use alias analysis to compute whether two atomic operations could access the same variable, and the happens-before relation to compute whether two such atomic operations could be executed concurrently. Using heuristics observed in an existing research study, we then statically check whether a set of atomic operations from different threads could potentially cause an atomicity violation. This approach is evaluated to be effective on a benchmark of real-world Rust programs with known atomicity violations. We also find a potential new atomicity violation in a Rust project from GitHub. Both of the above approaches detect bugs ahead of run time. However, real-world programs are almost impossible to make bug-free. Therefore, we present a new approach that effectively defends a target program against non-control-data attacks by checking statically computed program properties at runtime. Specifically, we introduce a new concept, origin, to abstract a piece of program path and all memory objects owned by it. We then compute all intended cross-origin data flows at compile time, and instrument the program to check for any violations of them at runtime. With an origin-based heap allocator, this approach incurs very low runtime overhead but is still effective on a benchmark of real-world programs with known CVEs.
dc.format.mimetype: application/pdf
dc.language.iso: en
dc.subject: data-flow
dc.subject: control-flow
dc.subject: alias analysis
dc.subject: happens-before
dc.subject: deep learning
dc.subject: atomicity violation
dc.subject: origin-sensitive analysis
dc.title: Improving Static Analysis for Software Security at Compile-time and Runtime
dc.type: Thesis
thesis.degree.department: Computer Science and Engineering
thesis.degree.discipline: Computer Science
thesis.degree.grantor: Texas A&M University
thesis.degree.name: Doctor of Philosophy
thesis.degree.level: Doctoral
dc.contributor.committeeMember: Gu, Guofei
dc.contributor.committeeMember: Jiménez, Daniel A.
dc.contributor.committeeMember: Garcia, Alfredo
dc.type.material: text
dc.date.updated: 2023-02-07T16:06:54Z
local.embargo.terms: 2024-05-01
local.etdauthor.orcid: 0000-0003-0278-2918