A memory-related vulnerability detection approach based on vulnerability model with Petri Net

• Published in: Journal of logical and algebraic methods in programming Vol. 132; p. 100859
• Main Authors: Chen, Jinfu, Zhang, Chi, Cai, Saihua, Zhang, Lin, Ma, Liang
• Format: Journal Article
• Language: English
• Published: Elsevier Inc 01.04.2023
• Subjects: Double free; Memory leak; Use after free; Vulnerability detection; Vulnerability model; Vulnerability model; Use after free; Double free; Memory leak; Vulnerability detection
• ISSN: 2352-2208
• DOI: 10.1016/j.jlamp.2023.100859

With the continuous development of information technology, software vulnerabilities have become a critical threat to information security. Post-release detection of memory leaks, double free and use after free is one of the most challenging research problems in software vulnerability analysis. To tackle this challenge, we introduce a vulnerability model based on Petri Net. We consider the characteristics and causes of vulnerabilities, modeling is conducted from the subject and environment of vulnerabilities. Based on this vulnerability model, we propose a memory-related vulnerability detection framework based on vulnerability model (MRVD-VM) and its vulnerability detection algorithm based on vulnerability mode (VDA-VM). The results of experiments on Juliet Test Suite 1.2 for C_CPP show that MRVD-VM significantly outperforms three state-of-the-art baseline tools, including Cppcheck, Flawfinder, and Splint, in detecting memory leaks, double free and use after free. •We propose a vulnerability model based on Petri Net.•We propose a vulnerability detection framework based on the proposed vulnerability model.•Compared with three detection tools, our approach is better.