Objectives: A vast amount of application and systems programming is carried out in the C and C++ programming languages. Even in programs written in languages such as Java, C libraries find wide use. Because of this ubiquity, the security of C and C++ code is of paramount importance. Methods/Statistical Analysis: A static analysis tool named “TraC++” was developed to detect security vulnerabilities in C and C++ programs. The tool uses a predefined and dynamically updated list of insecure coding constructs and checks for their presence in a given C/C++ program. Findings: The tool, developed in C#, was found to capture potential security vulnerabilities and insecure coding constructs in a given C/C++ program. Its output is a list of the vulnerable constructs used in the code, along with the line numbers on which they appear. Furthermore, the tool suggests better constructs with which the vulnerable ones can be replaced. Application/Improvement: The tool can be used for static analysis of security violations in programs and libraries developed in the C/C++ programming languages.

Keywords

C/C++, Secure Coding, Security Vulnerabilities, Static Analysis.
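
A minimal sketch of the list-driven check the abstract describes, added here as an illustration: it is not TraC++'s code (the tool itself is written in C#). The rule list, the suggested replacements and the sample C source are assumptions constructed for this example.

```python
import re

# Assumed rule list (not TraC++'s actual list): insecure call -> suggestion.
RULES = {
    "gets": "fgets(buf, sizeof buf, stdin)",
    "strcpy": "a bounded copy such as snprintf(dst, sizeof dst, \"%s\", src)",
    "strcat": "a bounded append such as strncat with the remaining space",
    "sprintf": "snprintf(buf, sizeof buf, ...)",
    "system": "an exec-family call with a fixed argument vector",
}

# Comments and string/char literals are blanked first, so a construct that is
# only mentioned in a comment or a message is not reported as a finding.
_SKIP = re.compile(
    r'//[^\n]*|/\*.*?\*/|"(?:\\.|[^"\\\n])*"|\'(?:\\.|[^\'\\\n])*\'',
    re.DOTALL,
)
# \b keeps names such as fgets() or my_strcpy() from matching gets/strcpy.
_CALL = re.compile(r'\b(' + '|'.join(map(re.escape, RULES)) + r')\s*\(')

def _blank(match):
    # Replace everything except newlines, so line numbers stay aligned.
    return re.sub(r'[^\n]', ' ', match.group(0))

def scan(source):
    """Return [(line, construct, suggestion)] for each listed call found."""
    cleaned = _SKIP.sub(_blank, source)
    findings = []
    for m in _CALL.finditer(cleaned):
        line = cleaned.count('\n', 0, m.start()) + 1
        findings.append((line, m.group(1), RULES[m.group(1)]))
    return findings

# Constructed sample input (not taken from the paper).
SAMPLE = r'''#include <stdio.h>
#include <string.h>
/* legacy: used strcpy(dst, src) here */
int main(void) {
    char buf[16];
    gets(buf);                       // reads unbounded input
    printf("do not call system()\n");
    char out[32];
    sprintf(out, "%s", buf);
    fgets(buf, sizeof buf, stdin);
    return 0;
}
'''

if __name__ == "__main__":
    for line, construct, suggestion in scan(SAMPLE):
        print(f"line {line}: {construct}() -> consider {suggestion}")
```

A pattern list of this kind flags every call to a listed function, whether or not that particular call is exploitable, so each finding still needs review.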