Εύρεση ευπαθειών σε μεταγλωττισμένες βιβλιοθήκες λογισμικού
Finding vulnerabilities in compiled software libraries
Master Thesis
Author
Γρηγορίου, Ευάγγελος
Date
2017-09View/ Open
Keywords
Ασφάλεια δικτύων και συστημάτων ; Λογισμικό ; Ασφάλεια διαδικτύουAbstract
Security vulnerabilities of a software can cause an application to malfunction, execute an unauthorized code, unauthorized access to malicious software or other user and other malicious actions for which the user of a device has not approved. These in turn can cause leakage of sensitive information, such as bank account information, unauthorized control of the device, and therefore the execution of unauthorized actions where they appear as user’s actions. In the context of this dissertation, methods will investigate for the identification of vulnerabilities in compiled software libraries and an application was implemented. The application was designed to check simple cases of security vulnerabilities due to the use of Libc's core functions. It is a static analysis tool that analyzes and checks compiled code of x86, x86_64, arm32, and arm64 architectures. The experimental evaluation of the software was performed with real Ubuntu and Android libraries, using the available source code to confirm the correctness of the results and was found to be a useful tool during software development or exploration.