Avalanche: Using dynamic analysis for automatic defect detection in programs based on network sockets

This article describes an attempt to modify and use Avalanche tool for dynamic analysis and testing of programs reading input data from network sockets. The technique of received data substitution is introduced, and it’s Valgrind based implementation is described. An overview of interception and handling of network system calls is provided. The results of analysis of open-source network applications are included, as well as a list of newly discovered defects.

dynamic analysis, defect detection, testing

1. И. Исаев, Д. Сидоров. "Применение динамического анализа для генерации входных данных, демонстрирующих критические ошибки и уязвимости в программах". Программирование, №4 2010.

2. N. Nethercote and J. Seward. Valgrind: A framework for heavyweight dynamic binary instrumentation. In PLDI, 2007.

3. V. Ganesh and D. Dill. A decision procedure for bit-vectors and arrays. In CAV 2007, LNCS 4590, pages 519–531.

4. Nikto Web Scanner. http://cirt.net/nikto2

5. Nessus, The Network Vulnerability Scanner. http://www.nessus.org/nessus/

6. D. Kozlov, A. Petukhov, "Detecting Security Vulnerabilities in Web Applications Using Dynamic Analysis with Penetration Testing". OWASP Application Security Conference 19-22 May 2008, Ghent, Belgium, 2008.

7. V. Haldar, D. Chandra, M. Franz. "Dynamic Taint Propagation for Java". In: Proceedings of the 21st Annual Computer Security Applications Conference (2005).