Static Analysis and Implementation of TOCTOU Vulnerability

• Main Authors: Yao-Nang Tseng, 曾耀儂
• Other Authors: Yung-Yu Zhuang
• Format: Others
• Language: zh-TW
• Published: 2019
• Online Access: http://ndltd.ncl.edu.tw/handle/7ydy2z

碩士 === 國立中央大學 === 資訊工程學系 === 107 === C language has many advantages of high-level language and low-level language, such as high execution efficiency, direct control of hardware, and good portability, hence it is widely used in the industry. According to the popular programming language list of TIOBE INDEX website, C language has maintained its position in the top 2 since 1989. However, C language has many inborn problems, which is likely to cause programmers to write unsafe codes. In addition, it has accumulated a large number of legacy codes due to its long history. Therefore, most programmers rely on dynamic analysis or static analysis tools to identify these vulnerabilities. TOCTOU (time of check to time of use), one of those vulnerabilities, will lead to serious system security problems once abused. Although scholars have proposed some detection methods, the results are not ideal. We propose a detection method which combines symbolic execution and parameter tracking. The proposed method is able to detect TOCTOU more accurately, and deal with alias problems of variables and functions. Moreover, we implement this method with Clang Static Analyzer and present the detection result through command line and web pages. Finally, the tool we implemented is tested by Juliet Test Suite to verify its accuracy, and compared with the methods proposed in the literature and the C static tools commonly used in the industry.