Directed proof generation for machine code

Authors:
Aditya Thakur;Junghee Lim;Akash Lal;Amanda Burton;Evan Driscoll;Matt Elder;Tycho Andersen;Thomas Reps
Affiliations:
University of Wisconsin, Madison, WI;University of Wisconsin, Madison, WI;Microsoft Research India, Bangalore, India;University of Wisconsin, Madison, WI;University of Wisconsin, Madison, WI;University of Wisconsin, Madison, WI;University of Wisconsin, Madison, WI;,University of Wisconsin, Madison, WI
Venue:
CAV'10 Proceedings of the 22nd international conference on Computer Aided Verification
Year:
2010

Citing 20
Cited 10

Aggregate structure identification and its application to program analysis

Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Lazy abstraction

POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
The SLAM Toolkit

CAV '01 Proceedings of the 13th International Conference on Computer Aided Verification
Obfuscation of executable code to improve resistance to static disassembly

Proceedings of the 10th ACM conference on Computer and communications security
DART: directed automated random testing

Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
Intermediate-representation recovery from low-level code

Proceedings of the 2006 ACM SIGPLAN symposium on Partial evaluation and semantics-based program manipulation
SYNERGY: a new algorithm for property checking

Proceedings of the 14th ACM SIGSOFT international symposium on Foundations of software engineering
Static Detection of Vulnerabilities in x86 Executables

ACSAC '06 Proceedings of the 22nd Annual Computer Security Applications Conference
Automating mimicry attacks using static binary analysis

SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
The Daikon system for dynamic detection of likely invariants

Science of Computer Programming
Proofs from tests

ISSTA '08 Proceedings of the 2008 international symposium on Software testing and analysis
Adding nesting structure to words

Journal of the ACM (JACM)
Symbolic Analysis via Semantic Reinterpretation

Proceedings of the 16th International SPIN Workshop on Model Checking Software
Compositional may-must program analysis: unleashing the power of alternation

Proceedings of the 37th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Nested interpolants

Proceedings of the 37th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
OpenFst: a general and efficient weighted finite-state transducer library

CIAA'07 Proceedings of the 12th international conference on Implementation and application of automata
A system for generating static analyzers for machine instructions

CC'08/ETAPS'08 Proceedings of the Joint European Conferences on Theory and Practice of Software 17th international conference on Compiler construction
Analyzing stripped device-driver executables

TACAS'08/ETAPS'08 Proceedings of the Theory and practice of software, 14th international conference on Tools and algorithms for the construction and analysis of systems
Analysis of modular arithmetic

ESOP'05 Proceedings of the 14th European conference on Programming Languages and Systems
Model checking x86 executables with codesurfer/x86 and WPDS++

CAV'05 Proceedings of the 17th international conference on Computer Aided Verification

Refinement-based CFG reconstruction from unstructured programs

VMCAI'11 Proceedings of the 12th international conference on Verification, model checking, and abstract interpretation
The BINCOA framework for binary code analysis

CAV'11 Proceedings of the 23rd international conference on Computer aided verification
BAP: a binary analysis platform

CAV'11 Proceedings of the 23rd international conference on Computer aided verification
Context-sensitive analysis without calling-context

Higher-Order and Symbolic Computation
There's plenty of room at the bottom: analyzing and verifying machine code

CAV'10 Proceedings of the 22nd international conference on Computer Aided Verification
Alternating control flow reconstruction

VMCAI'12 Proceedings of the 13th international conference on Verification, Model Checking, and Abstract Interpretation
OpenNWA: a nested-word automaton library

CAV'12 Proceedings of the 24th international conference on Computer Aided Verification
TSL: A System for Generating Abstract Interpreters and its Application to Machine-Code Analysis

ACM Transactions on Programming Languages and Systems (TOPLAS)
Abstract interpretation of microcontroller code: Intervals meet congruences

Science of Computer Programming
PoMMaDe: pushdown model-checking for malware detection

Proceedings of the 2013 9th Joint Meeting on Foundations of Software Engineering

Quantified Score

Hi-index	0.00

Visualization

Abstract

We present the algorithms used in McVeto (Machine-Code VErification TOol), a tool to check whether a stripped machine-code program satisfies a safety property The verification problem that McVeto addresses is challenging because it cannot assume that it has access to (i) certain structures commonly relied on by source-code verification tools, such as control-flow graphs and call-graphs, and (ii) meta-data, such as information about variables, types, and aliasing It cannot even rely on out-of-scope local variables and return addresses being protected from the program's actions What distinguishes McVeto from other work on software model checking is that it shows how verification of machine-code can be performed, while avoiding conventional techniques that would be unsound if applied at the machine-code level.