The SLAM project: debugging system software via static analysis
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
A system and language for building system-specific, static analyses
PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
ITS4: A static vulnerability scanner for C and C++ code
ACSAC '00 Proceedings of the 16th Annual Computer Security Applications Conference
Using Programmer-Written Compiler Extensions to Catch Security Holes
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
MOPS: an Infrastructure for Examining Security Properties of Software
MOPS: an Infrastructure for Examining Security Properties of Software
Predicate Abstraction of ANSI-C Programs Using SAT
Formal Methods in System Design
Weighted pushdown systems and their application to interprocedural dataflow analysis
Science of Computer Programming - Special issue: Static analysis symposium (SAS 2003)
Model-Checking for Software Vulnerabilities Detection with Multi-Language Support
PST '08 Proceedings of the 2008 Sixth Annual Conference on Privacy, Security and Trust
| Hi-index | 0.00 |
Growing security requirements for systems and applications have raised the stakes on software security verification techniques. Recently, model-checking is settling in the arena of software verification. It is effective in verifying high-level security properties related to software functionalities. In this paper, we present the experiments conducted with our security verification framework based on model-checking. We embedded a wide range of the CERT secure coding rules into our framework. Then, we verified real software packages against these rules for purpose of demonstrating the capability and the efficiency of our tool in detecting real errors.