Sirvi Autor "Amjaga, Roman" järgi

Nüüd näidatakse 1 - 1 1

Static Analysis to Detect Memory Corruption Vulnerabilities
(Tartu Ülikool, 2025) Amjaga, Roman; Vojdani, Vesal, juhendaja; Tartu Ülikool. Loodus- ja täppisteaduste valdkond; Tartu Ülikool. Arvutiteaduse instituut
Memory corruption attacks have existed for a long time, and despite that, they are still considered a major threat to modern software. In fact, memory safety is such a major problem that in 2023, the U.S. Cybersecurity and Infrastructure Security Agency and in the year 2024, the Office of the National Cyber Director released articles, addressing the need for memory safety in modern and future software. The most widespread solution to memory safety problems is the use of memory-safe programming languages. In addition to not solving the problem completely, such an approach also does not take into consideration all the software that is written using non-memory-safe programming languages. Due to different constraints, it is often not realistic to rewrite a whole application to another programming language. The need for code written in a non-memory-safe programming language to be secure has several solutions with their advantages and downsides. This paper focuses on one such solution, that is, static code analysis. Static code analysis inspects the code without executing it and can detect a wide range of vulnerabilities. This paper contributed to the field by examining the cause of modern memory corruption bugs in the code. During the analysis, modern static code analyzers were tested to determine whether static code analysis is an effective measure against memory corruption vulnerabilities. In addition, a test suite of simplified real-world vulnerabilities was created for further refinement of static code analysis tools.