The program structure tree: computing control regions in linear time
PLDI '94 Proceedings of the ACM SIGPLAN 1994 conference on Programming language design and implementation
Symbolic execution and program testing
Communications of the ACM
Security Flaws Induced by CBC Padding - Applications to SSL, IPSEC, WTLS ...
EUROCRYPT '02 Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology
Non-interference for a JVM-like language
TLDI '05 Proceedings of the 2005 ACM SIGPLAN international workshop on Types in languages design and implementation
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
A decision procedure for bit-vectors and arrays
CAV'07 Proceedings of the 19th international conference on Computer aided verification
SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy
KLEE: unassisted and automatic generation of high-coverage tests for complex systems programs
OSDI'08 Proceedings of the 8th USENIX conference on Operating systems design and implementation
Practical padding oracle attacks
WOOT'10 Proceedings of the 4th USENIX conference on Offensive technologies
Efficient symbolic execution for analysing cryptographic protocol implementations
ESSoS'11 Proceedings of the Third international conference on Engineering secure software and systems
Formalizing the LLVM intermediate representation for verified program transformations
POPL '12 Proceedings of the 39th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Language-based information-flow security
IEEE Journal on Selected Areas in Communications
Hi-index | 0.00 |
We analyse the security of code by extending the KLEE symbolic execution engine with a tainting mechanism that tracks information flows of data. We consider both simple flows from direct assignment operations, and (more subtle) indirect flows inferred from the control flow. Our mechanism prevents overtainting by using a region-based static analysis provided by LLVM, the compiler infrastructure machine on which KLEE runs. We rigorously define taint propagation in a formal LLVM intermediate representation semantics, and show the correctness of our method. We illustrate the mechanism with several examples, showing how we use tainting to prove confidentiality and integrity properties.