ABSTRACT
In many undergraduate programs, students primarily write code in Java or other scripting languages. Yet C and C++ are widely used when performance is important. Poor understanding of a C program's layout in memory and its execution leads to the introduction of security vulnerabilities. We present the SecureCvisual system, which is designed to help students learn to develop more secure and robust C programs.
The system takes input from dynamic analysis using Pintool. The analysis produces a sequence of events that are processed by the visualizations. A student or instructor can step forward or backward through an execution. Source code is displayed, and events are linked to a line of source code. A program address space visualization depicts the values of registers and the program address space. Buffer overflows and other memory errors are easily seen. An integer representation window identifies integer coercions that take place within an equation. The result of a conversion between integer types is also shown. A sensitive data visualization teaches students how to protect data so that it does not appear unencrypted on secondary storage. The tool is convenient for lecture. Multiple levels of detail and different perspectives on an execution make the tool useful in a variety of courses. This work has been supported by the National Science Foundation under grants DUE-1245310, DGE-1522883 and DGE-1523017.
SecureCvisual: Visualization and Analysis for C Code Security