P-ISSN 0974-6846 E-ISSN 0974-5645

Indian Journal of Science and Technology



Year: 2016, Volume: 9, Issue: 44, Pages: 1-4

Original Article

Enhancing the Security of C/C++ Programs using Static Analysis


Objectives: A great deal of application and systems programming is carried out in the C or C++ programming languages. Even in programs written in languages such as Java, C libraries find wide use. Because this code is so ubiquitous, the security of C and C++ code is of paramount importance.

Methods/Statistical Analysis: A static analysis tool named “TraC++” was developed to detect security vulnerabilities in C and C++ programs. The tool uses a predefined and dynamically updated list of insecure coding constructs and checks a given C/C++ program for their presence.

Findings: The tool, developed in C#, was found to capture potential security vulnerabilities and insecure coding constructs in a given C/C++ program. The tool outputs a list of the vulnerable constructs used in the code, along with the line numbers on which they appear. Furthermore, the tool provides suggestions as to how the vulnerable constructs can be replaced with better constructs.

Application/Improvement: The tool can find use in static analysis for security violations in programs and libraries developed in the C/C++ programming languages.

Keywords: C/C++, Secure Coding, Security Vulnerabilities, Static Analysis

