Alleviating False Alarm Problem of Static Buffer Overflow Analysis
Place: Room 308, Bldg 302, SNU
Buffer overflow detection using static analysis can provide a powerful tool for software programmers to find difficult bugs in C programs. Sound static analysis based on abstract interpretation, however, often suffers from the false alarm problem. Although a more precise abstraction can generally reduce false alarms, the cost of performing such an analysis is often too high to be practical for large software. On the other hand, a less precise abstraction is likely to be scalable in exchange for increased false alarms. In order to attain both precision and scalability, we present a method that first applies a less precise abstraction to find buffer overflow alarms quickly, and then selectively applies a more precise analysis only to the limited areas of code around the potential false alarms. To develop a precise alarm-filtering analysis for large C programs, we perform symbolic execution over the potential alarms found by the preceding analysis based on abstract interpretation. Taking advantage of a state-of-the-art SMT solver, our precise analysis efficiently filters out a substantial number of false alarms. Our experiment with test cases from three open source programs shows that our filtering method can reduce about 72% of false alarms on average.

Destabilization of adversarial organizations is crucial to combating terrorism. The adversarial organizations are complex adaptive systems, which include different types of entities and links to perform complex tasks and evolve over time to adapt to changing situations. Both the complexity and the adaptivity of the adversary make it difficult for friendly forces to destabilize the adversary and to damage the performance of the adversary’s organization.
By taking a dynamic network analytic approach and focusing on how to identify, reason about, and break 1) the adversary’s decision making structure, 2) the likelihood that the adversary can engage in key tasks, and 3) the adversary’s over-time social and geospatial behavior, we can begin to make headway in reasoning about this complexity and adaptivity. I develop four different, interoperable approaches supporting this assessment and estimation on adversarial organizations. These four approaches analyze different aspects of an organization, i.e. the core decision making structure, the high level assessment of task completion likelihood and the micro level simulation of the behavior of adversaries. By unifying these approaches, we can grasp a complete picture of the target as well as the destabilization strategies against it. To ground and demonstrate this research, I use, primarily, three adversarial organizations: the terrorist networks responsible for 1998 US embassy bombing in Tanzania and Kenya; 1998 US embassy bombing in Kenya; and a global terrorist network. My research makes contributions at the theoretical, technical and empirical levels. First, I provide a theory of how to create a joint picture from different organizational and computational theories. Second, I develop and test an interoperable analysis framework supported by the suggested joint theory. Third, I empirically analyze three adversarial organizations to demonstrate the usage of this framework and the newly enabled analysis results. This unifying theory and framework for adversarial destabilization, a partially automated intelligence analysis capability, 1) provide intelligence analysis results that can meet the operation tempo in the real world, 2) bridge dynamic network analysis and various inference theories, and 3) provide a better tool that human analysts may use to reduce their time and cost of destabilization analysis.
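
The two-pass filtering described in the buffer overflow abstract above, as an added example that is not code from the talk or its tool: a coarse interval pass raises an alarm on a constructed C fragment, and a path-sensitive pass drops it only when no feasible path overflows. All names are hypothetical, and a branch-consistency check stands in for the SMT solver query.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed target program, as the analyzer sees it:
 *   char buf[8]; int idx;
 *   if (flag) idx = 3; else idx = 12;
 *   if (GUARD) buf[idx] = 0;        GUARD is flag or !flag
 */
#define BUF_SIZE 8

typedef struct { int lo, hi; } interval;

static interval join(interval a, interval b) {
    interval r = { a.lo < b.lo ? a.lo : b.lo, a.hi > b.hi ? a.hi : b.hi };
    return r;
}

/* Pass 1: path-insensitive interval analysis. Joining the two branches
 * gives idx = [3,12] and drops the relation to flag, so the access is
 * flagged whichever guard protects it. */
bool coarse_alarm(void) {
    interval idx = join((interval){3, 3}, (interval){12, 12});
    return idx.lo < 0 || idx.hi >= BUF_SIZE;
}

/* Pass 2: symbolic execution around the alarm. t1 and t2 are the outcomes
 * of the two tests of flag. A path with t1 != t2 needs flag && !flag; that
 * consistency test stands in for the SMT solver's satisfiability query. */
int feasible_overflows(bool access_when_flag) {
    int found = 0;
    for (int t1 = 0; t1 <= 1; t1++)
        for (int t2 = 0; t2 <= 1; t2++) {
            if (t1 != t2) continue;                      /* infeasible path */
            if ((t2 != 0) != access_when_flag) continue; /* access not reached */
            int idx = t1 ? 3 : 12;
            if (idx < 0 || idx >= BUF_SIZE) found++;
        }
    return found;
}

/* An alarm is reported only if pass 2 finds a feasible overflowing path. */
bool report_alarm(bool access_when_flag) {
    return coarse_alarm() && feasible_overflows(access_when_flag) > 0;
}

int main(void) {
    printf("guard flag : coarse=%d reported=%d\n", coarse_alarm(), report_alarm(true));
    printf("guard !flag: coarse=%d reported=%d\n", coarse_alarm(), report_alarm(false));
    return 0;
}
```

With the guard `flag` the coarse alarm is a false alarm and is filtered out; with the guard `!flag` the same coarse alarm is a real overflow and is kept.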