Pinpoint: Finding Software Vulnerabilities in Real World Programs
Software vulnerabilities are starting to incur catastrophic consequences. Bugs in our programs such as the Heartbleed (2014) and WannaCry (2017) cost billions of dollars to fix and generate drastic social impacts. A key reason is that modern software vulnerability detection technology does not catch up with the size and the complexity of real world software system. To scale, these techniques typically relax the scanning strength, producing a lot of noise in the results, or restrict the scope, missing critical issues. Both compromises render software systems to eminent threats.
Pinpoint is a new technique, designed by Prof. Charles Zhang and his research team in the Cybersecurity Laboratory, leveraging clever designs in static analysis, a methodology for predicting software behaviour through logic deduction, to discover dangerous vulnerabilities in large modern software systems. Pinpoint takes a "holistic" approach in combining the analysis of lower level memory behaviour of software systems together with the high level detection of logic errors and, thus, dramatically reducing the amount of computation.
The following diagram illustrates the basic operation of Pinpoint. It is capable of detecting over 40 types of different software vulnerabilities in system as large as eight millions of lines of code within a few hours. It has discovered over 80 confirmed issues in high quality open source systems such as MySQL and Firefox. Pinpoint is also being used by world leading technical firms such as Baidu, Tencent, and Huawei.