Mining for vulnerabilities in embedded TCP/IP stacks with a set of static analysis queries

DSpace/Manakin Repository

Show simple item record

dc.contributor.advisor Focardi, Riccardo it_IT
dc.contributor.author Acerbi, Gabriele <1996> it_IT
dc.date.accessioned 2020-10-14 it_IT
dc.date.accessioned 2021-02-02T10:14:18Z
dc.date.available 2022-06-22T11:46:04Z
dc.date.issued 2020-11-04 it_IT
dc.identifier.uri http://hdl.handle.net/10579/18356
dc.description.abstract In this thesis, we focus on helping the process of finding vulnerabilities in software. Even though it is a widely addressed topic, insecure code is still one of the main causes of security issues in in software because a single bug can potentially mine the security of an entire codebase. The goal of this thesis is to provide a solution that supports and ease the manual code auditing performed by a researcher. Our implementation will do so by providing a set of codebase-independent static analysis queries that can be quickly run on a target source code to identify code regions, across a whole codebase or across several projects, that may suffer from a particular vulnerability or weakness, therefore allowing to fix them all at once. We started by going through the available literature in the field as well as the available tools usually employed for this purpose. We then designed and implemented our solution and we finally evaluated it on the source code of seven popular embedded TCP/IP stacks, being able to identify a total of 14 zero-days out of the 46 we found during this research. Keywords — Vulnerabilities, Static Analysis, Variant Analysis, Joern, CWE, Embedded TCP/IP Stacks it_IT
dc.language.iso en it_IT
dc.publisher Università Ca' Foscari Venezia it_IT
dc.rights © Gabriele Acerbi, 2020 it_IT
dc.title Mining for vulnerabilities in embedded TCP/IP stacks with a set of static analysis queries it_IT
dc.title.alternative Mining for vulnerabilities in embedded TCP/IP stacks with a set of static analysis queries it_IT
dc.type Master's Degree Thesis it_IT
dc.degree.name Informatica - computer science it_IT
dc.degree.level Laurea magistrale it_IT
dc.degree.grantor Dipartimento di Scienze Ambientali, Informatica e Statistica it_IT
dc.description.academicyear 2019-2020_Sessione autunnale it_IT
dc.rights.accessrights embargoedAccess it_IT
dc.thesis.matricno 877653 it_IT
dc.subject.miur INF/01 INFORMATICA it_IT
dc.description.note it_IT
dc.degree.discipline it_IT
dc.contributor.co-advisor it_IT
dc.provenance.upload Gabriele Acerbi (877653@stud.unive.it), 2020-10-14 it_IT
dc.provenance.plagiarycheck Riccardo Focardi (focardi@unive.it), 2020-10-19 it_IT


Files in this item

This item appears in the following Collection(s)

Show simple item record