Superoptimizer: a look at the smallest program
ASPLOS II Proceedings of the second international conference on Architectual support for programming languages and operating systems
Common cryptographic architecture cryptographic application programming interface
IBM Systems Journal - Special issue on cryptology
A key-management scheme based on control vectors
IBM Systems Journal - Special issue on cryptology
Proceedings of the ACM SIGPLAN 1999 conference on Programming language design and implementation
ACM Transactions on Programming Languages and Systems (TOPLAS)
Automating first-order relational logic
SIGSOFT '00/FSE-8 Proceedings of the 8th ACM SIGSOFT international symposium on Foundations of software engineering: twenty-first century applications
Protection in operating systems
Communications of the ACM
Chaff: engineering an efficient SAT solver
Proceedings of the 38th annual Design Automation Conference
Proceedings of the 8th European software engineering conference held jointly with 9th ACM SIGSOFT international symposium on Foundations of software engineering
The SLAM project: debugging system software via static analysis
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Denali: a goal-directed superoptimizer
PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
Korat: automated testing based on Java predicates
ISSTA '02 Proceedings of the 2002 ACM SIGSOFT international symposium on Software testing and analysis
MOPS: an infrastructure for examining security properties of software
Proceedings of the 9th ACM conference on Computer and communications security
CVC: A Cooperating Validity Checker
CAV '02 Proceedings of the 14th International Conference on Computer Aided Verification
CAV '02 Proceedings of the 14th International Conference on Computer Aided Verification
Lazy Theorem Proving for Bounded Model Checking over Infinite Domains
CADE-18 Proceedings of the 18th International Conference on Automated Deduction
Intrusion Detection via Static Analysis
SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Exploiting Software: How to Break Code
Exploiting Software: How to Break Code
Generating Tests from Counterexamples
Proceedings of the 26th International Conference on Software Engineering
Software assurance by bounded exhaustive testing
ISSTA '04 Proceedings of the 2004 ACM SIGSOFT international symposium on Software testing and analysis
Deciding Quantifier-Free Presburger Formulas Using Parameterized Solution Bounds
LICS '04 Proceedings of the 19th Annual IEEE Symposium on Logic in Computer Science
Synthesis of interface specifications for Java classes
Proceedings of the 32nd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Scalable error detection using boolean satisfiability
Proceedings of the 32nd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
FormatGuard: automatic protection from printf format string vulnerabilities
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Formal analysis of PIN block attacks
Theoretical Computer Science - Automated reasoning for security protocol analysis
SMT(CLU): a step toward scalability in system verification
Proceedings of the 2006 IEEE/ACM international conference on Computer-aided design
On automated prepared statement generation to remove SQL injection vulnerabilities
Information and Software Technology
Q: exploit hardening made easy
SEC'11 Proceedings of the 20th USENIX conference on Security
A scalable method for solving satisfiability of integer linear arithmetic logic
SAT'05 Proceedings of the 8th international conference on Theory and Applications of Satisfiability Testing
Deduction with XOR constraints in security API modelling
CADE' 20 Proceedings of the 20th international conference on Automated Deduction
From propositional satisfiability to satisfiability modulo theories
SAT'06 Proceedings of the 9th international conference on Theory and Applications of Satisfiability Testing
A progressive simplifier for satisfiability modulo theories
SAT'06 Proceedings of the 9th international conference on Theory and Applications of Satisfiability Testing
Communications of the ACM
| Hi-index | 0.02 |
We argue that finding vulnerabilities in software components is different from finding exploits against them. Exploits that compromise security often use several low-level details of the component, such as layouts of stack frames. Existing software analysis tools, while effective at identifying vulnerabilities, fail to model low-level details, and are hence unsuitable for exploit-finding.We study the issues involved in exploit-finding by considering application programming interface (API) level exploits. A software component is vulnerable to an API-level exploit if its security can be compromised by invoking a sequence of API operations allowed by the component. We present a framework to model low-level details of APIs, and develop an automatic technique based on bounded, infinite-state model checking to discover API-level exploits.We present two instantiations of this framework. We show that format-string exploits can be modeled as API-level exploits, and demonstrate our technique by finding exploits against vulnerabilities in widely-used software. We also use the framework to model a cryptographic-key management API (the IBM CCA) and demonstrate a tool that identifies a previously known exploit.