Compilers: principles, techniques, and tools
Compilers: principles, techniques, and tools
Principles of Program Analysis
Principles of Program Analysis
The temporal logic of branching time
POPL '81 Proceedings of the 8th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Specification and verification of concurrent systems in CESAR
Proceedings of the 5th Colloquium on International Symposium on Programming
Design and Synthesis of Synchronization Skeletons Using Branching-Time Temporal Logic
Logic of Programs, Workshop
Model Checking An Entire Linux Distribution for Security Violations
ACSAC '05 Proceedings of the 21st Annual Computer Security Applications Conference
Sound and precise analysis of web applications for injection vulnerabilities
Proceedings of the 2007 ACM SIGPLAN conference on Programming language design and implementation
Finding security vulnerabilities in java applications with static analysis
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Model Checking Software at Compile Time
TASE '07 Proceedings of the First Joint IEEE/IFIP Symposium on Theoretical Aspects of Software Engineering
Secure programming with static analysis
Secure programming with static analysis
Software verification with BLAST
SPIN'03 Proceedings of the 10th international conference on Model checking software
SATABS: SAT-Based predicate abstraction for ANSI-C
TACAS'05 Proceedings of the 11th international conference on Tools and Algorithms for the Construction and Analysis of Systems
Counterexample guided path reduction for static program analysis
Concurrency, Compositionality, and Correctness
Hi-index | 0.00 |
Many embedded systems today are no longer isolated control units, but are fully fledged miniature desktops with their own kernel and sometimes operating system networked with the outside world. This opens up a whole new set of security issues previously not known to embedded systems. One example is potentially malicious input that exploits source code weaknesses leading to critical mission failures. In this paper we propose a new automated malicious input detection approach that works on a staged application of traditional tainted dataflow analysis and syntactic software model checking. The advantages of this approach are that tainted data can be tracked from its source to its application point, a precise path through the source code can be computed, speed and precision can be custom-tuned by automated refinement, and the approach is flexible to deal with real-life security threats. We illustrate our approach with a number of analysis examples taken from existing open source C/C++ projects.