A carregar...
Publicação
A use-after-free vulnerability detection method for multi-threaded programs based on an improved Petri net and value flow graph
| Nome: | Descrição: | Tamanho: | Formato: | |
|---|---|---|---|---|
| 1.46 MB | Adobe PDF |
Orientador(es)
Resumo(s)
Use-After-Free (UAF) vulnerability is one of the common vulnerabilities in multi-threaded programs. Its static detection methods based on value flow analysis commonly show good analysis precision and efficiency. However, most of them do not adequately consider the causality constraints caused by different concurrency primitives and complex control structures, which may lead to false positives. Hence, this work proposes a static UAF vulnerability detection method based on an improved Petri net and value flow graph. Firstly, source codes of a multi-threaded program are transformed into intermediate codes, based on which a segmented Petri net is constructed, and control flow causality constraints are analyzed from the net. Then, a static value flow graph of a multi-threaded program is constructed, segment information in the corresponding segmented Petri net is associated with the graph, and UAF triggering and condition-satisfied constraints are analyzed from the graph. Finally, the compatibility among control flow causality, UAF triggering, and condition-satisfied constraints is analyzed to detect UAF vulnerabilities. This work conducts experiments on public and synthetic datasets. Experimental results show that the proposed method’s recall rate and precision are 25% and 33.3% higher than those of Canary, respectively; the proposed method’s recall rate and precision are 3% and 15.1% higher than those of Saber, respectively; and the proposed method’s time complexity is reduced by 12.6 ms and 21.3 ms compared with Canary and Saber, respectively.
Descrição
Li, S., Bao, Y., Lu, F., Yu, C., & Liu, C. (2025). A use-after-free vulnerability detection method for multi-threaded programs based on an improved Petri net and value flow graph. IEEE Access, 13, 177994-178005. https://doi.org/10.1109/ACCESS.2025.3620811 --- This work was supported in part by the National Key Research and Development Program of China under Grant 2022ZD0119501, in part by NSFC under Grant 52374221 and Grant 52574256, in part by the Science and Technology Development Fund of Shandong Province of China under Grant ZR2022MF288 and Grant ZR2023MF097, in part by the Taishan Scholar Program of Shandong Province under Grant tstp20250506, and in part by the Natural Science Foundation of Shandong Province of China under Grant ZR2024QF107.
Palavras-chave
Multi-threaded program UAF vulnerability detection Petri net value flow graph segmentation General Computer Science General Materials Science General Engineering