APISan: Sanitizing API Usages through Semantic Cross-Checking

Environments

• Tested in Ubuntu 14.04
• Setup

  $ ./setup.sh

• How to build symbolic database

  $ apisan build [cmds]

• Run './configure'

  $ apisan build ./configure
  $ apisan build make

• How to run a checker

  $ apisan check --db=[db] --checker=[checker]

• Example

  $ cd test/return-value
  $ ../../apisan build make
  $ ../../apisan check --checker=rvchk

Checkers (under analyzer/apisan/check)

• Return value checker: retval.py
• Argument checker: argument.py
• Causality checker: causality.py
• Condition checker: condition.py
• Integer overflow checker: intovfl.py
• Format string bug checker: fsb.py

Authors

• Insu Yun [email protected]
• Changwoo Min [email protected]
• Xujie Si [email protected]
• Yeongjin Jang [email protected]
• Taesoo Kim [email protected]
• Mayur Naik [email protected]

Publications

@inproceedings{yun:apisan,
  title        = {{APISan: Sanitizing API Usages through Semantic Cross-checking}},
  author       = {Insu Yun and Changwoo Min and Xujie Si and Yeongjin Jang and Taesoo Kim and Mayur Naik},
  booktitle    = {Proceedings of the 25th USENIX Security Symposium (Security)},
  month        = aug,
  year         = 2016,
  address      = {Austin, TX},
}