A memory-related vulnerability detection approach based on vulnerability model with Petri Net

Abstract

With the continuous development of information technology, software vulnerabilities have become a critical threat to information security. Post-release detection of memory leaks, double free and use after free is one of the most challenging research problems in software vulnerability analysis. To tackle this challenge, we introduce a vulnerability model based on Petri Net. We consider the characteristics and causes of vulnerabilities, modeling is conducted from the subject and environment of vulnerabilities. Based on this vulnerability model, we propose a memory-related vulnerability detection framework based on vulnerability model (MRVD-VM) and its vulnerability detection algorithm based on vulnerability mode (VDA-VM). The results of experiments on Juliet Test Suite 1.2 for C_CPP show that MRVD-VM significantly outperforms three state-of-the-art baseline tools, including Cppcheck, Flawfinder, and Splint, in detecting memory leaks, double free and use after free.