Dissertation
RUN-TIME ANALYSIS AND SECURITY OF MULTI-LANGUAGE SYSTEMS
Washington State University
Doctor of Philosophy (PhD), Washington State University
05/2024
DOI:
https://doi.org/10.7273/000006593
Abstract
The contemporary software development landscape has witnessed a widespread integration of diverse programming languages, leveraging the specific advantages of each, such as the efficiency of C and the programmability of Python. This trend finds notable applications in prominent domains, including the Android operating system and advanced machine learning frameworks like PyTorch. However, adopting this multi-language approach has ushered in a
series of great challenges for developers, necessitating the identification of robust solutions to tackle potential security vulnerabilities.
Traditional techniques such as program analysis and fuzzing, initially designed for single-language software, face limitations in effectively uncovering vulnerabilities in multi-language systems. Program analysis grapples with challenges in comprehending the intricate control and data flows across diverse languages, often resulting in incomplete vulnerability detection. Conversely, greybox fuzzing encounters difficulties adapting to the nuances of various languages, leading to incomplete code coverage and complications in reproducing identified vulnerabilities. The intricacies within runtime systems supporting multilingual software exacerbate the security clearance predicament, as these systems are often constructed using multiple languages. This complexity adds an additional layer of difficulty for conventional security techniques, emphasizing the need for more adaptive and comprehensive approaches
tailored to the unique challenges posed by the multifaceted nature of multi-language systems.
Within the scope of my dissertation, I endeavored to tackle the intricate challenges posed by vulnerabilities in multi-language software through a comprehensive and multifaceted approach. This approach entailed conducting extensive empirical investigations into vulnerability susceptibility, facilitating the development of dynamic cross-language information flow analysis. Recognizing the pivotal significance of comprehensive test input coverage, I devised
an integrated greybox fuzzing methodology. This innovative approach integrates sensitivity analysis and comprehensive whole-system coverage measurements, significantly enhancing the efficiency of the fuzzing process and vulnerability identification. Furthermore, I focused on fortifying runtime security by proposing a novel two-level collaborative fuzzing framework tailored explicitly for Python language runtime. This contribution was pivotal in reinforcing the software system’s foundational safeguards, ensuring a robust defense mechanism against potential security threats.
Metrics
5 File views/ downloads
17 Record Views
Details
- Title
- RUN-TIME ANALYSIS AND SECURITY OF MULTI-LANGUAGE SYSTEMS
- Creators
- Wen Li
- Contributors
- Haipeng Cai (Chair)Ananth Kalyanaraman (Committee Member)Janardhan Rao Doppa (Committee Member)Xiapu Luo (Committee Member)
- Awarding Institution
- Washington State University
- Academic Unit
- Electrical Engineering and Computer Science, School of
- Theses and Dissertations
- Doctor of Philosophy (PhD), Washington State University
- Publisher
- Washington State University
- Number of pages
- 166
- Identifiers
- 99901122441001842
- Language
- English
- Resource Type
- Dissertation