A memory-related vulnerability detection approach based on vulnerability model with Petri Net

With the continuous development of information technology, software vulnerabilities have become a critical threat to information security. Post-release detection of memory leaks, double free and use after free is one of the most challenging research problems in soft-ware vulnerability analysis. To tackle this challenge, we introduce a vulnerability model based on Petri Net. We consider the characteristics and causes of vulnerabilities, modeling is conducted from the subject and environment of vulnerabilities. Based on this vulner-ability model, we propose a memory-related vulnerability detection framework based on vulnerability model (MRVD-VM) and its vulnerability detection algorithm based on vul-nerability mode (VDA-VM). The results of experiments on Juliet Test Suite 1.2 for C_CPP show that MRVD-VM significantly outperforms three state-of-the-art baseline tools, includ-ing Cppcheck, Flawfinder, and Splint, in detecting memory leaks, double free and use after free.(c) 2023 Elsevier Inc. All rights reserved.