2019 Research in the Capitol

Presentation Type

Open Access Poster Presentation

Keywords

Computer software--Development; Computer security;

Abstract

This research examines how software specifications could be used to build more-secure software. For this project, we analyzed known vulnerabilities for open source projects to identify the corrective actions required to patch the vulnerability. For each vulnerability, we then augmented the program with formal assertions in an attempt to allow a static analysis tool to find the vulnerability. Using the information gathered from these assertions, we hope to determine which assertions are most effective at finding vulnerabilities with today's tools and evaluate new assertions that could be added to the static analysis tool to help uncover more vulnerabilities. My work focuses on a common vulnerability type across multiple projects. In particular, I am examining if vulnerabilities caused by missing authentication could be prevented with proper tool usage.

Start Date

1-4-2019 11:00 AM

End Date

1-4-2019 2:30 AM

Event Host

University Honors Programs, Iowa Regent Universities

Faculty Advisor

Andrew Berns

Department

Department of Computer Science

File Format

application/pdf

Share

COinS
 
Apr 1st, 11:00 AM Apr 1st, 2:30 AM

Lightweight Formal Methods for Improving Software Security

This research examines how software specifications could be used to build more-secure software. For this project, we analyzed known vulnerabilities for open source projects to identify the corrective actions required to patch the vulnerability. For each vulnerability, we then augmented the program with formal assertions in an attempt to allow a static analysis tool to find the vulnerability. Using the information gathered from these assertions, we hope to determine which assertions are most effective at finding vulnerabilities with today's tools and evaluate new assertions that could be added to the static analysis tool to help uncover more vulnerabilities. My work focuses on a common vulnerability type across multiple projects. In particular, I am examining if vulnerabilities caused by missing authentication could be prevented with proper tool usage.