Can I See Some Identification?: Detecting and Patching Source Code Vulnerabilities
Date
2015-06
Authors
Lipps, Jeremy
Publisher
University of Oregon
Abstract
This paper reflects research with the goal of building source analysis of security vulnerabilities for poorly written or faulty code intended to connect two parties via online interaction. Today’s world is becoming more inundated with technology and increased digital functionality through the use of the Internet, and as a result code libraries have been built to support these data transfers. However, these libraries still contain unsafe code and often lack the ability to inform developers of improper usages of the libraries’ tools. In this proof of concept project, the research uses the C programming language and the ROSE compiler to search through the libcurl SSL source code library in an effort to locate such problems and warn the developer of them. The libcurl variable insecure_ok was found to be uninitialized, and so code was built in order to find it and other such variables, as well as warn programmers of its potential dangers. These represent the first steps for further research into other problems within SSL libraries and improvement of checks within the SSLChecker suite.
Description
26 pages. A thesis presented to the Department of Computer and Information Science, and the Clark Honors College of the University of Oregon in partial fulfillment of the requirements for the degree of Bachelor of Science, Spring 2015.
Keywords
Code Security, Security, ROSE, SSL, Source Code, Analysis, Vulnerabilities