Modeling and Discovering Vulnerabilities with Code Property Graphs

Yamaguchi, Fabian; Golde, Nico; Arp, Daniel J.; Rieck, Konrad

doi:10.1109/sp.2014.44

Cited by 541 publications

(294 citation statements)

References 33 publications

Supporting

Mentioning

293

Contrasting

Unclassified

Order By: Relevance

“…Fabian et al [32] combines three representations into a unified data structure. In [32], author introduced a new concept of Code Property Graph which models ASTs, CFGs and PDGs as property graphs.…”

Section: ) Code Property Graphmentioning

confidence: 99%

Reverse Engineering State and Strategy Design Patterns using Static Code Analysis

Mohamed¹,

Kamel²

2018

ijacsa

View full text Add to dashboard Cite

Abstract-This paper presents an approach to detect behavioral design patterns from source code using static analysis techniques. It depends on the concept of Code Property Graph and enriching graph with relationships and properties specific to Design Patterns, to simplify the process of Design Pattern detection. This approach used NoSQL graph database (Neo4j) and uses graph traversal language (Gremlin) for doing graph matching. Our approach, converts the tasks of design pattern detection to a graph matching task by representing Design Patterns in form of graph queries and running it on graph database.

show abstract

Section: ) Code Property Graphmentioning

confidence: 99%

Reverse Engineering State and Strategy Design Patterns using Static Code Analysis

Mohamed¹,

Kamel²

2018

ijacsa

View full text Add to dashboard Cite

show abstract

“…In particular, the Joern tool represents programs as code property graphs, a combination of abstract syntax trees (AST), control flow graphs (CFG) and program dependency graphs (PDG), and stores them in a graph database [5]. That representation allows modeling templates of common vulnerabilities with graph traversals to identify buffer and integer overflows, format string vulnerabilities, and memory disclosures.…”

Section: Existing Workmentioning

confidence: 99%

Big Code: New Opportunities for Improving Software Construction

Ortín¹,

Escalada²,

Rodriguez-Prieto³

2016

JSW

View full text Add to dashboard Cite

An emerging research topic called big code has recently appeared. Big code is based on the idea that open source code repositories can be used to create new kind of programming tools and services to improve software reliability and construction. We discuss different fields of application of big code, and the key issues to implement tools aimed at improving software construction following this approach. We describe the existing works that have already used this idea to build tools for vulnerability detection, software deobfuscation, automatic code completion for API usage, and efficient querying using detailed source-code information. Then, we propose different fields of application and the key issues found. We identify eight different fields where big code may be applied, and describe different examples for each field. We also detect seven different issues that must be tackled when creating tools based on the big code approach.

show abstract

“…Yamaguchi et al [22], [52] also proposed methods that assist security auditing for C/C ++ programs by using machine learning to classify functions as vulnerable/non-vulnerable based on the absence/presence of sanitization [52], or by applying intraprocedural analysis on the code property graph (a combination of AST, CFG and PDG) of a program [22]. Besides the fact that we focus on Java instead of C/C ++ , our approach is based on interprocedural analysis which takes the call-return and parameter-passing mechanisms of the program into account.…”

Section: B Program Slicingmentioning

confidence: 99%

“…Symbolic execution-based security analysis approaches have yet to address scalability issues due to the path explosion problem [21]. Other approaches [22] report analysis results without any form of pruning (e.g. the whole program dependency graphs), thus containing a significant amount of information not useful to security auditing.…”

Section: Introductionmentioning

confidence: 99%

Security slicing for auditing XML, XPath, and SQL injection vulnerabilities

Thomé

Shar

Briand

2015

2015 IEEE 26th International Symposium on Software Reliability Engineering (ISSRE)

View full text Add to dashboard Cite

Abstract-XML, XPath, and SQL injection vulnerabilities are among the most common and serious security issues for Web applications and Web services. Thus, it is important for security auditors to ensure that the implemented code is, to the extent possible, free from these vulnerabilities before deployment. Although existing taint analysis approaches could automatically detect potential vulnerabilities in source code, they tend to generate many false warnings. Furthermore, the produced traces, i.e. dataflow paths from input sources to security-sensitive operations, tend to be incomplete or to contain a great deal of irrelevant information. Therefore, it is difficult to identify real vulnerabilities and determine their causes. One suitable approach to support security auditing is to compute a program slice for each security-sensitive operation, since it would contain all the information required for performing security audits (Soundness). A limitation, however, is that such slices may also contain information that is irrelevant to security (Precision), thus raising scalability issues for security audits. In this paper, we propose an approach to assist security auditors by defining and experimenting with pruning techniques to reduce original program slices to what we refer to as security slices, which contain sound and precise information. To evaluate the proposed pruning mechanism by using a number of open source benchmarks, we compared our security slices with the slices generated by a state-of-the-art program slicing tool. On average, our security slices are 80% smaller than the original slices, thus suggesting significant reduction in auditing costs.

show abstract

Modeling and Discovering Vulnerabilities with Code Property Graphs

Cited by 541 publications

References 33 publications

Reverse Engineering State and Strategy Design Patterns using Static Code Analysis

Reverse Engineering State and Strategy Design Patterns using Static Code Analysis

Big Code: New Opportunities for Improving Software Construction

Security slicing for auditing XML, XPath, and SQL injection vulnerabilities

Contact Info

Product

Resources

About