Thesis
An empirical study of memory vulnerability detection techniques
Washington State University
Master of Science (MS), Washington State University
05/2020
DOI:
https://doi.org/10.7273/000004032
Handle:
https://hdl.handle.net/2376/124940
Abstract
The pervasive presence of software vulnerabilities has constituted a grand challenge to software assurance. In response, researchers have proposed numerous detection techniques to defend against particular types of vulnerabilities. However, there is a lack of objective measurement and comparison of these techniques. Thus, it is difficult to systematically understand their strengths and limitations. In this thesis, we performed a fair comparison of five popular memory vulnerability detectors against two benchmark suites with ground truths. The first benchmark suite, Software-Analysis-Benchmark, was artificially generated, while the other, SV-Benchmark, was partially obtained from real software, and its benchmarks were more complex and challenging. We reported the empirical findings based on the comparisons of precision, recall, F1 accuracy, and time cost of the studied detectors against the two benchmark suites. The results revealed that, while generally fast, these detectors achieved 87% F1 accuracy at best against the Software-Analysis-Benchmark, which was generated artificially, while they achieved 72% F1 accuracy at best against SV-Benchmark, which was partially obtained from real-world software. We further conducted in-depth case studies to understand the reasons behind the failures and successes of these existing techniques. We also compared the results and findings from the two benchmark suites to analyze the impact of benchmark selection. Finally, we provide in-depth discussions and recommendations for future studies.
Details
- Title
- An empirical study of memory vulnerability detection techniques
- Creators
- Yu Nong
- Contributors
- Haipeng Cai (Advisor) - Washington State University, School of Electrical Engineering and Computer Science
- Awarding Institution
- Washington State University
- Academic Unit
- School of Engineering and Computer Science (VANC)
- Theses and Dissertations
- Master of Science (MS), Washington State University
- Publisher
- Washington State University
- Identifiers
- 99900890794801842
- Language
- English
- Resource Type
- Thesis