Verification of communication protocols using data flow analysis
SIGSOFT '96 Proceedings of the 4th ACM SIGSOFT symposium on Foundations of software engineering
UPPAAL—a tool suite for automatic verification of real-time systems
Proceedings of the DIMACS/SYCON workshop on Hybrid systems III : verification and control: verification and control
IEEE Transactions on Software Engineering - Special issue on formal methods in software practice
Model checking for programming languages using VeriSoft
Proceedings of the 24th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
A note on reliable full-duplex transmission over half-duplex links
Communications of the ACM
JML (poster session): notations and tools supporting detailed design in Java
OOPSLA '00 Addendum to the 2000 proceedings of the conference on Object-oriented programming, systems, languages, and applications (Addendum)
A simple method for extracting models for protocol code
ISCA '01 Proceedings of the 28th annual international symposium on Computer architecture
Bugs as deviant behavior: a general approach to inferring errors in systems code
SOSP '01 Proceedings of the eighteenth ACM symposium on Operating systems principles
The SLAM project: debugging system software via static analysis
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Flow-sensitive type qualifiers
PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
ESP: path-sensitive program verification in polynomial time
PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
POPL '77 Proceedings of the 4th ACM SIGACT-SIGPLAN symposium on Principles of programming languages
Internetworking with TCP/IP, Volume 1: Principles, Protocols, and Architectures, Fourth Edition
Internetworking with TCP/IP, Volume 1: Principles, Protocols, and Architectures, Fourth Edition
MOPS: an infrastructure for examining security properties of software
Proceedings of the 9th ACM conference on Computer and communications security
CIL: Intermediate Language and Tools for Analysis and Transformation of C Programs
CC '02 Proceedings of the 11th International Conference on Compiler Construction
Modular verification of software components in C
Proceedings of the 25th International Conference on Software Engineering
An Efficient Cryptographic Protocol Verifier Based on Prolog Rules
CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
Automatic verification of the TLS handshake protocol
Proceedings of the 2004 ACM symposium on Applied computing
Modeling vulnerabilities of ad hoc routing protocols
Proceedings of the 1st ACM workshop on Security of ad hoc and sensor networks
Multiset rewriting and the complexity of bounded security protocols
Journal of Computer Security
Timed model checking of security protocols
Proceedings of the 2004 ACM workshop on Formal methods in security engineering
Violating Assumptions with Fuzzing
IEEE Security and Privacy
Efficient Intrusion Detection using Automaton Inlining
SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
CMC: a pragmatic approach to model checking real code
OSDI '02 Proceedings of the 5th symposium on Operating systems design and implementationCopyright restrictions prevent ACM from being able to make the PDFs for this conference available for downloading
Verified Interoperable Implementations of Security Protocols
CSFW '06 Proceedings of the 19th IEEE workshop on Computer Security Foundations
Compilers: Principles, Techniques, and Tools (2nd Edition)
Compilers: Principles, Techniques, and Tools (2nd Edition)
Flow-insensitive type qualifiers
ACM Transactions on Programming Languages and Systems (TOPLAS)
Theoretical Computer Science - Automated reasoning for security protocol analysis
Model checking large network protocol implementations
NSDI'04 Proceedings of the 1st conference on Symposium on Networked Systems Design and Implementation - Volume 1
Detecting BGP configuration faults with static analysis
NSDI'05 Proceedings of the 2nd conference on Symposium on Networked Systems Design & Implementation - Volume 2
Finding user/kernel pointer bugs with type inference
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Rule-based static analysis of network protocol implementations
USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
Software verification with BLAST
SPIN'03 Proceedings of the 10th international conference on Model checking software
Breaking and fixing public-key Kerberos
ASIAN'06 Proceedings of the 11th Asian computing science conference on Advances in computer science: secure software and related issues
NetCheck: network diagnoses from blackbox traces
NSDI'14 Proceedings of the 11th USENIX Conference on Networked Systems Design and Implementation
| Hi-index | 0.00 |
Today's software systems communicate over the Internet using standard protocols that have been heavily scrutinized, providing some assurance of resistance to malicious attacks and general robustness. However, the software that implements those protocols may still contain mistakes, and an incorrect implementation could lead to vulnerabilities even in the most well-understood protocol. The goal of this work is to close this gap by introducing a new technique for checking that a C implementation of a protocol matches its description in an RFC or similar standards document. We present a static (compile-time) source code analysis tool called Pistachio that checks C code against a rule-based specification of its behavior. Rules describe what should happen during each round of communication, and can be used to enforce constraints on ordering of operations and on data values. Our analysis is not guaranteed sound due to some heuristic approximations it makes, but has a low false negative rate in practice when compared to known bug reports. We have applied Pistachio to two different implementations of SSH2 and an implementation of RCP. Pistachio discovered a multitude of bugs, including security vulnerabilities, that we confirmed by hand and checked against each project's bug databases.