
A Model for Security Vulnerability Pattern

  • Hyungwoo Kang
  • Kibom Kim
  • Soonjwa Hong
  • Dong Hoon Lee
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3982)

Abstract

Static analysis is used to find programming errors before run time. Unlike dynamic analysis, which inspects the state of an application while it executes, static analysis does not require the application to be run. In this paper we classify the security vulnerability patterns that occur in source code and design a model that expresses those patterns as pushdown automata. On the basis of this model, a security vulnerability can be found by Abstract Syntax Tree (AST) based pattern matching at the parsing level.
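To make the idea in the abstract concrete, the following is an added example, not code from the paper: one vulnerability pattern written as a pushdown automaton and matched over a toy AST. The pattern itself (a strcpy/strcat into a fixed-size local char array with no enclosing strlen() bound check), the AST node shapes (Decl, Call, If, Block), the sink table and the sample inputs are all assumptions made for this illustration. The stack is what separates this from a flat lexical scanner: scope frames are pushed and popped with blocks, so a shadowed buffer resolves to its innermost declaration, and a bound-check marker pushed on entering an `if (strlen(src) < n)` branch suppresses the report only while that branch is open.

```python
"""Vulnerability pattern as a pushdown automaton matched over a toy AST.

Added illustration only: the AST node shapes, the pattern ("strcpy/strcat into
a fixed-size local char array with no enclosing strlen() bound check") and all
names here are assumptions for this example, not the paper's model or code.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


# --- toy AST for a C-like subset (constructed for this example) -------------
@dataclass
class Decl:
    name: str
    size: Optional[int]          # char name[size]; None means not a fixed array


@dataclass
class Call:
    name: str
    args: List[str]              # identifiers, or "LIT" for a string literal


@dataclass
class If:
    cond: Tuple[str, str, int]   # ("strlen<", src, bound) == strlen(src) < bound
    body: list


@dataclass
class Block:
    body: list


# --- the pushdown automaton -------------------------------------------------
# Stack alphabet: ("SCOPE", {name: size}) frames pushed on block entry and
# ("GUARD", src, bound) markers pushed on entering a bounds-checked branch.
# The input is the pre-order AST walk; a "finding" is an accepting transition.

SINKS = {"strcpy": (0, 1), "strcat": (0, 1)}   # name -> (dst index, src index)


@dataclass
class PatternPDA:
    stack: list = field(default_factory=list)
    findings: List[str] = field(default_factory=list)

    def lookup(self, name):
        """Innermost visible declaration of `name` (handles shadowing)."""
        for frame in reversed(self.stack):
            if frame[0] == "SCOPE" and name in frame[1]:
                return frame[1][name]
        return None

    def guarded(self, src, size):
        """True if an enclosing branch checked strlen(src) < bound, bound <= size."""
        return any(f[0] == "GUARD" and f[1] == src and f[2] <= size
                   for f in self.stack)

    def run(self, nodes):
        self.stack.append(("SCOPE", {}))          # enter scope: push
        for node in nodes:
            self.step(node)
        self.stack.pop()                          # leave scope: pop

    def step(self, node):
        if isinstance(node, Decl):
            self.stack[-1][1][node.name] = node.size
        elif isinstance(node, Block):
            self.run(node.body)
        elif isinstance(node, If):
            op, src, bound = node.cond
            if op == "strlen<":
                self.stack.append(("GUARD", src, bound))
                self.run(node.body)
                self.stack.pop()                  # guard ends with the branch
            else:
                self.run(node.body)
        elif isinstance(node, Call) and node.name in SINKS:
            di, si = SINKS[node.name]
            dst, src = node.args[di], node.args[si]
            size = self.lookup(dst)
            if size is not None and src != "LIT" and not self.guarded(src, size):
                self.findings.append(f"{node.name}({dst}[{size}], {src}) unbounded")


def scan(func_body):
    """Run the PDA over one function body; return the list of findings."""
    pda = PatternPDA()
    pda.run(func_body)
    return pda.findings


# Constructed samples (not from the paper).
VULN = [Decl("buf", 64), Call("strcpy", ["buf", "p"])]
SAFE = [Decl("buf", 64), If(("strlen<", "p", 64), [Call("strcpy", ["buf", "p"])])]
WEAK = [Decl("buf", 16), If(("strlen<", "p", 64), [Call("strcpy", ["buf", "p"])])]
SHADOW = [Decl("buf", 64),
          Block([Decl("buf", 8),
                 If(("strlen<", "p", 32), [Call("strcpy", ["buf", "p"])])])]

if __name__ == "__main__":
    for label, body in [("VULN", VULN), ("SAFE", SAFE),
                        ("WEAK", WEAK), ("SHADOW", SHADOW)]:
        print(label, scan(body))
```

Running the block reports VULN, WEAK (the check bounds the wrong size) and SHADOW (the inner 8-byte buffer, not the outer 64-byte one, is the target) while leaving SAFE clean. A real matcher would take its AST from a C front end such as CIL rather than hand-built nodes, and would need data-flow facts the automaton alone does not carry (where `p` came from, whether `buf` is later indexed), which is exactly the gap between a pattern-level check and a full analysis.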

Keywords

Static analysis, Software security, Buffer overflow, Abstract Syntax Tree (AST), Pushdown Automata (PDA)



Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Hyungwoo Kang (1)
  • Kibom Kim (1)
  • Soonjwa Hong (1)
  • Dong Hoon Lee (2)
  1. National Security Research Institute, Daejeon, Korea
  2. Center for Information Security Technologies (CIST), Korea University, Seoul, Korea
