Efficiently computing static single assignment form and the control dependence graph
ACM Transactions on Programming Languages and Systems (TOPLAS)
POPL '77 Proceedings of the 4th ACM SIGACT-SIGPLAN symposium on Principles of programming languages
Proceedings of the 17th Conference on Foundations of Software Technology and Theoretical Computer Science
Houdini, an Annotation Assistant for ESC/Java
FME '01 Proceedings of the International Symposium of Formal Methods Europe on Formal Methods for Increasing Software Productivity
Improving computer security using extended static checking
Improving computer security using extended static checking
Efficient incremental algorithms for dynamic detection of likely invariants
Proceedings of the 12th ACM SIGSOFT twelfth international symposium on Foundations of software engineering
Unbounded system verification using decision procedure and predicate abstraction
Unbounded system verification using decision procedure and predicate abstraction
DART: directed automated random testing
Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
Automatic Patch-Based Exploit Generation is Possible: Techniques and Implications
SP '08 Proceedings of the 2008 IEEE Symposium on Security and Privacy
EXE: Automatically Generating Inputs of Death
ACM Transactions on Information and System Security (TISSEC)
BitBlaze: A New Approach to Computer Security via Binary Analysis
ICISS '08 Proceedings of the 4th International Conference on Information Systems Security
KLEE: unassisted and automatic generation of high-coverage tests for complex systems programs
OSDI'08 Proceedings of the 8th USENIX conference on Operating systems design and implementation
Unpacking virtualization obfuscators
WOOT'09 Proceedings of the 3rd USENIX conference on Offensive technologies
Towards scalable modular checking of user-defined properties
VSTTE'10 Proceedings of the Third international conference on Verified software: theories, tools, experiments
Zero-sized heap allocations vulnerability analysis
WOOT'10 Proceedings of the 4th USENIX conference on Offensive technologies
A framework for automated architecture-independent gadget search
WOOT'10 Proceedings of the 4th USENIX conference on Offensive technologies
ExplainHoudini: making Houdini inference transparent
VMCAI'11 Proceedings of the 12th international conference on Verification, model checking, and abstract interpretation
A decade of software model checking with SLAM
Communications of the ACM
Q: exploit hardening made easy
SEC'11 Proceedings of the 20th USENIX conference on Security
BAP: a binary analysis platform
CAV'11 Proceedings of the 23rd international conference on Computer aided verification
SAGE: Whitebox Fuzzing for Security Testing
Queue - Networks
Zap: automated theorem proving for software analysis
LPAR'05 Proceedings of the 12th international conference on Logic for Programming, Artificial Intelligence, and Reasoning
The S2E Platform: Design, Implementation, and Applications
ACM Transactions on Computer Systems (TOCS) - Special Issue APLOS 2011
Return-Oriented Programming: Systems, Languages, and Applications
ACM Transactions on Information and System Security (TISSEC) - Special Issue on Computer and Communications Security
Trace partitioning in abstract interpretation based static analyzers
ESOP'05 Proceedings of the 14th European conference on Programming Languages and Systems
Communications of the ACM
| Hi-index | 0.02 |
Computational capacity of modern hardware and algorithmic advances have allowed SAT solving to become a tractable technique to rely on for the decision of properties in industrial software. In this article, we present three practical applications of SAT to software security in static vulnerability checking, exploit generation, and the study of copy protections. These areas are some of the most active in terms of both theoretical research and practical solutions. Investigating the successes and failures of approaches to these problems is instructive in providing guidance for future work on the problems themselves as well as other SMT-based systems.