Precise interprocedural dataflow analysis with applications to constant propagation
TAPSOFT '95 Selected papers from the 6th international joint conference on Theory and practice of software development
| Hi-index | 0.00 |
The security of software systems is threatened by a wide range of attack vectors, such as buffer overflows, insecure information flow, and side channels, which can leak private information, e.g., by monitoring a program's execution time. Even if programmers manage to avoid such vulnerabilities in a program's source code or bytecode, new vulnerabilities can arise as compilers generate machine code from those representations. We propose a virtual execution environment for x86 machine code that combines information from compositional, static, and dynamic program analysis to identify vulnerabilities and timing channels, and uses code transformations to prevent those from being exploited. To achieve an appropriate level of performance as well as combine analysis results, our approach stores summary information in the form of conditional rules that can be shared among analyses.