Abstract
In this paper we define a vulnerable code to symbolic link exploit and propose a technique to detect this using program analysis. The existing methods to solve symbolic link exploit is for protecting it, on accessing a temporary file they should perform an investigation whether the file is attacked by symbolic link exploit. If programmers miss the investigation, the program may be revealed to symbolic link exploit. Because our technique detects all the vulnerable codes to symbolic link exploit, it helps programmers keep the program safety. Our technique add two type qualifiers to the existing type system to analyze vulnerable codes to symbolic link exploit, it detects the vulnerable codes using type checking including the added type qualifiers. Our technique detects all the vulnerable codes to symbolic link exploit automatically, it has the advantage of saving costs of modifying and of overviewing all codes because programmers apply the methods protecting symbolic link exploit to only the detected codes as vulnerable. We experiment our analyzer with widely used programs. In our experiments only a portion of all the function fopen() is analyzed as the vulnerabilities to symbolic link exploit. It shows that our technique is useful to diminish modifying codes.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
