Accelerating High-Precision Vulnerability Detection in C Programs with Parallel Graph Summarization
C language programs are often subject to memory vulnerabilities, posing substantial security risks to software systems. Conventional detection techniques, rooted in static value-flow analysis, necessitate exhaustive searches across the entirety of value-flow graphs. This approach results in ineffici...
Saved in:
| Published in | 2023 6th International Conference on Software Engineering and Computer Science (CSECS) pp. 1 - 6 |
|---|---|
| Main Authors | , , |
| Format | Conference Proceeding |
| Language | English |
| Published |
IEEE
22.12.2023
|
| Subjects | |
| Online Access | Get full text |
Cover
Loading…
| Abstract | C language programs are often subject to memory vulnerabilities, posing substantial security risks to software systems. Conventional detection techniques, rooted in static value-flow analysis, necessitate exhaustive searches across the entirety of value-flow graphs. This approach results in inefficient analyses of large-scale codes and presents difficulties in parallelization due to interdependent steps. In this study, we propose an innovative approach based on parallel graph summarization. This technique effectively transforms the computational bottleneck into a task that can be expedited in a parallel manner, leveraging multicore computation to significantly enhance the performance and scalability of vulnerability detection within C programs. We segment the value-flow graph of the program into multiple subgraphs, extracting summaries of three pivotal types of information from each subgraph: path summaries, guard summaries, and behaviour summaries. These summaries significantly stream-line subsequent vulnerability detection analyses. Moreover, we implement a task-level parallel technique to accelerate the graph summary process in a multicore environment. Notably, empirical results reveal that our method, while ensuring accuracy, achieves 2.7X-6.1X speedup compared to serial algorithms. When assessed against prevalent open-source detection tools, our approach demonstrates superior trade-offs between accuracy and efficiency. In conclusion, this research presents an efficient and effective strategy for vulnerability detection in larze-scale C programs. |
|---|---|
| AbstractList | C language programs are often subject to memory vulnerabilities, posing substantial security risks to software systems. Conventional detection techniques, rooted in static value-flow analysis, necessitate exhaustive searches across the entirety of value-flow graphs. This approach results in inefficient analyses of large-scale codes and presents difficulties in parallelization due to interdependent steps. In this study, we propose an innovative approach based on parallel graph summarization. This technique effectively transforms the computational bottleneck into a task that can be expedited in a parallel manner, leveraging multicore computation to significantly enhance the performance and scalability of vulnerability detection within C programs. We segment the value-flow graph of the program into multiple subgraphs, extracting summaries of three pivotal types of information from each subgraph: path summaries, guard summaries, and behaviour summaries. These summaries significantly stream-line subsequent vulnerability detection analyses. Moreover, we implement a task-level parallel technique to accelerate the graph summary process in a multicore environment. Notably, empirical results reveal that our method, while ensuring accuracy, achieves 2.7X-6.1X speedup compared to serial algorithms. When assessed against prevalent open-source detection tools, our approach demonstrates superior trade-offs between accuracy and efficiency. In conclusion, this research presents an efficient and effective strategy for vulnerability detection in larze-scale C programs. |
| Author | Mao, Xiaoguang Xu, Rulin Xiao, Wei |
| Author_xml | – sequence: 1 givenname: Rulin surname: Xu fullname: Xu, Rulin email: xurulin11@nudt.edu.cn organization: School of Computer NUDT,Changsha,China – sequence: 2 givenname: Xiaoguang surname: Mao fullname: Mao, Xiaoguang email: xgmao@nudt.edu.cn organization: School of Computer NUDT,Changsha,China – sequence: 3 givenname: Wei surname: Xiao fullname: Xiao, Wei email: xiaowei22@nudt.edu.cn organization: School of Computer NUDT,Changsha,China |
| BookMark | eNo1j0FLw0AUhFfQg9b-Aw_7BxLf23WT7LHE2goFA1GvZbN5SRY2SdmkSP31tqingZmPYeaOXQ_jQIxxhBgR9GNervMyAQAZCxAyRngSGUpxxZY61ZlUICGRaXbL7Mpa8hTM7IaWb13bRUUg6yY3Dvzz6IdzVDnv5hN_ppnsfPHdwHNehLENpp_4l5s7XphgvCfPN8EcOl4e-94E920u_D27aYyfaPmnC_bxsn7Pt9HubfOar3aRQ9RzhLrSJJRCyLBuRIOqkcIkokrACikzUAS1MBWJhrQim0pbIza1BaNUlRi5YA-_vY6I9ofgzhNO-__v8gdlr1Wl |
| ContentType | Conference Proceeding |
| DBID | 6IE 6IL CBEJK RIE RIL |
| DOI | 10.1109/CSECS60003.2023.10428132 |
| DatabaseName | IEEE Electronic Library (IEL) Conference Proceedings IEEE Proceedings Order Plan All Online (POP All Online) 1998-present by volume IEEE Xplore All Conference Proceedings IEEE Electronic Library (IEL) IEEE Proceedings Order Plans (POP All) 1998-Present |
| DatabaseTitleList | |
| Database_xml | – sequence: 1 dbid: RIE name: IEEE Electronic Library (IEL) url: https://proxy.k.utb.cz/login?url=https://ieeexplore.ieee.org/ sourceTypes: Publisher |
| DeliveryMethod | fulltext_linktorsrc |
| EISBN | 9798350306378 |
| EndPage | 6 |
| ExternalDocumentID | 10428132 |
| Genre | orig-research |
| GroupedDBID | 6IE 6IL CBEJK RIE RIL |
| ID | FETCH-LOGICAL-i119t-19b9e2551081df2f15f32a62b60c233805e0d2abe2fe95ec73cd11fdc0a55b6a3 |
| IEDL.DBID | RIE |
| IngestDate | Wed May 01 11:49:12 EDT 2024 |
| IsPeerReviewed | false |
| IsScholarly | false |
| Language | English |
| LinkModel | DirectLink |
| MergedId | FETCHMERGED-LOGICAL-i119t-19b9e2551081df2f15f32a62b60c233805e0d2abe2fe95ec73cd11fdc0a55b6a3 |
| PageCount | 6 |
| ParticipantIDs | ieee_primary_10428132 |
| PublicationCentury | 2000 |
| PublicationDate | 2023-Dec.-22 |
| PublicationDateYYYYMMDD | 2023-12-22 |
| PublicationDate_xml | – month: 12 year: 2023 text: 2023-Dec.-22 day: 22 |
| PublicationDecade | 2020 |
| PublicationTitle | 2023 6th International Conference on Software Engineering and Computer Science (CSECS) |
| PublicationTitleAbbrev | CSECS |
| PublicationYear | 2023 |
| Publisher | IEEE |
| Publisher_xml | – name: IEEE |
| Score | 1.8578932 |
| Snippet | C language programs are often subject to memory vulnerabilities, posing substantial security risks to software systems. Conventional detection techniques,... |
| SourceID | ieee |
| SourceType | Publisher |
| StartPage | 1 |
| SubjectTerms | Multicore processing Software algorithms Software engineering Software systems Static analysis static analysis Memory vulnerabilities value-flow graph summarization parallel computing Task analysis Transforms |
| Title | Accelerating High-Precision Vulnerability Detection in C Programs with Parallel Graph Summarization |
| URI | https://ieeexplore.ieee.org/document/10428132 |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| link | http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwjV3PS8MwFA5uJ08qTvxNDl5Tk7TplqPU6fAwBnOy28hPGY5OZnvQv968rFUUBG8llKTkEb730u_7HkJXg8wLFRLRkLkNDMl8qojqc02k1pJSCxbkkSA7zkez7GEu5o1YPWphnHORfOYSeIz_8u3a1HBVFk54SJZD-dRBnVC5bcVaLTuHyutiOiymOWT5CTQFT9rXfzROibhxt4fG7YpbushLUlc6MR-_zBj__Un7qPct0cOTL_A5QDuuPETmxpgAIxDU8hkDhYNMNk0THfxUr8BhOpJh3_GtqyIJq8TLEhcwFdC03jDcy-KJ2kCLlRW-BztrPI0Ct0aw2UOzu-FjMSJNFwWyZExWhEktXSgcWAB_67lnwqdc5Vzn1PBQoFLhqOVKO-6dFM70U2MZ89ZQJYTOVXqEuuW6dMcIe20C4Oc2k9ZmTButlKRuECZMJdOan6Ae7NDidWuUsWg35_SP8TO0C4ECdgjn56hbbWp3ETC-0pcxtp_CkKk8 |
| linkProvider | IEEE |
| linkToHtml | http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwzV1NT8JAEN0gHvSkRozf7kGPrd1tt7AHD6aAIEhIAMMN96uGSIqBNgb_i3_F3-ZuaTGaeCTx1uxh0t2ZZt5s37wB4LLihYRpIKqRW0VYXugyi5Uxtyjn1HGkkSBPCbIdvzHw7odkWAAfq14YpVRKPlO2eUz_5cupSMxVmf7CNVjW5VPGoWypxZuu0OY3zap25xXG9Vo_aFjZEAFrjBCNLUQ5VRo3I537ZIhDREIXMx9z3xFY12cOUY7EjCscKkqUKLtCIhRK4TBCuM9cbXcDbGqgQfCyPSznAzn0OujVgp5v6grbjCG38xf8MaolzVT1HfCZ73FJUHmxk5jb4v2X_OO_PYRdUPpuQoTdVXrdAwUV7QNxK4ROlCZso2doSCpWd5aNCYKPycRoaKd03wWsqjilmUVwHMHAmDJEtDk0N8-wy2ZmiMwE3hnBbthLW_iyltQSGKxldwegGE0jdQhgyIWGNL70qJQe4oIzRh1V0QZdijjHR6BkPDJ6XUqBjHJnHP-xfgG2Gv2H9qjd7LROwLYJEsOFwfgUFONZos40oon5eRpXEDyt24dfQyMHSA |
| openUrl | ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=proceeding&rft.title=2023+6th+International+Conference+on+Software+Engineering+and+Computer+Science+%28CSECS%29&rft.atitle=Accelerating+High-Precision+Vulnerability+Detection+in+C+Programs+with+Parallel+Graph+Summarization&rft.au=Xu%2C+Rulin&rft.au=Mao%2C+Xiaoguang&rft.au=Xiao%2C+Wei&rft.date=2023-12-22&rft.pub=IEEE&rft.spage=1&rft.epage=6&rft_id=info:doi/10.1109%2FCSECS60003.2023.10428132&rft.externalDocID=10428132 |