A study on the usage of unsafe functions in gcc compared to mobile software systems

Melissa M. Sarnowski, Derrek Larson, Saleh M. Alnaeli, Mohamed K. Sarrab

نتاج البحث

1 اقتباس (Scopus)

ملخص

A case study is presented that empirically analyzes the use of known unsafe functions in gcc, a well-known general purpose software system, along with their distribution over a 5-year period from, 2012 through 2016. The 5-year history of gcc studied is comprised of a total of over 26 million lines of code. gcc was statically analyzed with the use of srcML and a tool created by one of the authors. A count of each unsafe function type present in each year of the system was recorded, along with a count of safe replacement functions, and their distributions analyzed. The results were compared to findings from a previous study on networking and mobile systems. The results show free, strcmp, strlen, and memcpy to be the most prevalent unsafe functions used among the years of gcc studied. This information can help developers by showing where they should direct their attention when refactoring their system to improve security, and thereby improve the system's robustness, reliability, and overall quality. By focusing on the most prevalent unsafe functions, developers can plan their refactoring process to be more effective. The fact that unsafe functions are still being used despite there being safer alternatives shows a need for new security standards, better education about security and security issues, and supervision of programmers to ensure they follow those standards.

اللغة الأصليةEnglish
عنوان منشور المضيف2017 IEEE International Conference on Electro Information Technology, EIT 2017
ناشرIEEE Computer Society
الصفحات138-142
عدد الصفحات5
رقم المعيار الدولي للكتب (الإلكتروني)9781509047673
المعرِّفات الرقمية للأشياء
حالة النشرPublished - سبتمبر 27 2017
منشور خارجيًانعم
الحدث2017 IEEE International Conference on Electro Information Technology, EIT 2017 - Lincoln
المدة: مايو ١٤ ٢٠١٧مايو ١٧ ٢٠١٧

سلسلة المنشورات

الاسمIEEE International Conference on Electro Information Technology
رقم المعيار الدولي للدوريات (المطبوع)2154-0357
رقم المعيار الدولي للدوريات (الإلكتروني)2154-0373

Conference

Conference2017 IEEE International Conference on Electro Information Technology, EIT 2017
الدولة/الإقليمUnited States
المدينةLincoln
المدة٥/١٤/١٧٥/١٧/١٧

ASJC Scopus subject areas

  • ???subjectarea.asjc.1700.1706???
  • ???subjectarea.asjc.1700.1710???
  • ???subjectarea.asjc.2200.2207???
  • ???subjectarea.asjc.2200.2208???

بصمة

أدرس بدقة موضوعات البحث “A study on the usage of unsafe functions in gcc compared to mobile software systems'. فهما يشكلان معًا بصمة فريدة.

قم بذكر هذا