Click here to flash read.
Many applications are being written in more than one language to take
advantage of the features that different languages provide such as native code
support, improved performance, and language-specific libraries. However, there
are few static analysis tools currently available to analyse the source code of
such multilingual applications. Existing work on cross-language (Java and
C/C++) analysis fails to detect buffer overflow vulnerabilities that are of
cross-language nature. In this work, we are addressing how to do cross-language
analysis between Java and C/C++. Specifically, we propose an approach to do
data flow analysis between Java and C/C++ to detect buffer overflow. We have
developed PilaiPidi, a tool that can automatically analyse the data flow in
projects written in Java and C/C++. Using our approach, we were able to detect
23 buffer overflow vulnerabilities, which are of cross-language nature, in six
different well-known Android applications, and out of these, developers have
confirmed 11 vulnerabilities in three applications.
No creative common's license