Welcome to Code-analysis.org

Code-analysis.org is mainly maintained by G.O.S.S.I.P and is supported by many researchers, engineers, and students. On this website you can find many of our research projects on analyzing real-world, complex programs. Our targets are to help developers and security analysts find bugs and repair/protect code flaws with less manual efforts

Projects

【SIMulation】SIMulation: Demystifying (Insecure) Cellular Network based One-Tap Authentication Services
- 2022-03-14: Research paper accepted by DSN 2022
【Kingfisher】Unveiling Insecurely Used Credentials in IoT-to-Mobile Communications
- 2022-03-14: Research paper accepted by DSN 2022
【Goshawk】Hunting Memory Corruptions via Structure-Aware and Object-Centric Memory Operation Synopsis
- 2022-03-05: Research paper accepted by IEEE S&P 2022
- 2022-02-21: Using Clang-15 instead of Clang-10 to implement more stable and efficient analyses!
【CryptoMPK】Annotating, Tracking, and Protecting Cryptographic Secrets in C/C++ Programs
- 2021-07-03: Research paper accepted by IEEE S&P 2022
【SparrowHawk】Memory Safety Flaw Detection via Data-driven Source Code Annotation
- 2021-07-21: Research paper accepted by Inscrypt 2021
【Smartshield】Automatic Smart Contract Protection Made Easy
- 2020-02-21: Research paper won best paper award of SANER 2020

Bug Detection Results

[2022-04-21]
- found several memory corruption bugs caused by custom memory allocation in Cairo graphics library
[2022-02-01]
- found a double-free bug caused by custom memory allocation in Flite: a small run-time speech synthesis engine
[2022-01-01]
- a use-after-free bug caused by custom memory allocation in NASM 2.15.05
[2021-12-03]
- 49 memory corruptions bugs in Linux kernel, 18 memory corruptions bugs in FreeBSD kernel, 9 memory corruptions bugs in OpenSSL, 15 memory corruptions bugs in IoT SDKS, and 1 memory corruptions bug in Redis; all caused by custom memory management functions!!! See details at Goshawk@code-analysis.org