Creating Vulnerability Queries for Vari-Joern
- Type: Bachelor's thesis
- Supervisor:
- Person in Charge: Open
Context: Vulnerabilities in software systems are often overlooked, even though their exploitation by an attacker can have drastic consequences. In configurable software systems, the situation becomes even more problematic, as the presence of a vulnerability can be tied to specific configurations (i.e., variants) of the system. Our analysis platform Vari-Joern, which is built around the query-based static analysis tool Joern, aims to address this problem by scanning the code of a configurable system for patterns typical of vulnerabilities using two common analysis strategies. For its analysis, it currently uses the queries of the Joern Query Database. While this database is community-maintained, it does not offer many queries. Additionally, some of its queries model simple code smells rather than vulnerabilities and are thus not ideal for the goal of vulnerability discovery.
Goal: Identify common vulnerability patterns, model them as Joern queries, and evaluate their effectiveness across a selection of real-world and configurable C software systems using Vari-Joern.
Requirements: Prior knowledge of common software vulnerabilities in C and configurable software systems (i.e., software product lines) is not required, but might be helpful.