Enhancement in Buffer Overflow (BOF) Detection Capability of Cppcheck Static Analysis Tool

Title: Enhancement in Buffer Overflow (BOF) Detection Capability of Cppcheck Static Analysis Tool
Publication Type: Conference Paper
Year of Publication: 2021
Authors: Iqbal, Younis; Sindhu, Muddassar Azam; Arif, Muhammad Hassan; Javed, Muhammad Amir
Conference Name: 2021 International Conference on Cyber Warfare and Security (ICCWS)
Keywords: buffer overflow, Buffer overflows, codes, composability, cyber warfare, Data flow analysis using DFG, Human Behavior, Performance analysis, pubcrawl, resilience, Resiliency, security, security vulnerabilities, static analysis, Static Analysis Security Tool, static code analysis
Abstract:

Buffer overflow (BOF) vulnerability is one of the most dangerous security vulnerabilities, which can be exploited by unwanted users. This vulnerability can be detected by both static and dynamic analysis techniques. Dynamic analysis requires execution of the program, during which the behavior of the program is checked against its specifications, while in static analysis the source code is analyzed for security vulnerabilities without execution of the code. Although many open source and commercial security analysis tools employ static and dynamic methods, there is still a margin for improvement in the BOF vulnerability detection capability of these tools. We propose an enhancement in the Cppcheck tool for statically detecting BOF vulnerability using data flow analysis in C programs. We have used the Juliet Test Suite to test our approach. We selected the two best tools cited in the literature for BOF detection (i.e. Frama-C and Splint) to compare the performance and accuracy of our approach. In the experiments, our proposed approach generated a Youden Index of 0.45, Frama-C has a Youden score of only 0.1, and Splint generated a Youden score of -0.47. These results show that our technique performs better than both the Frama-C and Splint static analysis tools.

DOI: 10.1109/ICCWS53234.2021.9703043
Citation Key: iqbal_enhancement_2021