Limiting trust in the storage stack
Proceedings of the second ACM workshop on Storage security and survivability
EXE: automatically generating inputs of death
Proceedings of the 13th ACM conference on Computer and communications security
Compositional dynamic test generation
Proceedings of the 34th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Variably interprocedural program analysis for runtime error detection
Proceedings of the 2007 international symposium on Software testing and analysis
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
SAFELI: SQL injection scanner using symbolic execution
TAV-WEB '08 Proceedings of the 2008 workshop on Testing, analysis, and verification of web services and applications
EXE: Automatically Generating Inputs of Death
ACM Transactions on Information and System Security (TISSEC)
Automatic generation of XSS and SQL injection attacks with goal-directed model checking
SS'08 Proceedings of the 17th conference on Security symposium
Panalyst: privacy-aware remote error analysis on commodity software
SS'08 Proceedings of the 17th conference on Security symposium
Model-Checking the Linux Virtual File System
VMCAI '09 Proceedings of the 10th International Conference on Verification, Model Checking, and Abstract Interpretation
Bunker: a privacy-oriented platform for network tracing
NSDI'09 Proceedings of the 6th USENIX symposium on Networked systems design and implementation
Automated Analysis of Reo Circuits using Symbolic Execution
Electronic Notes in Theoretical Computer Science (ENTCS)
Tolerating file-system mistakes with EnvyFS
USENIX'09 Proceedings of the 2009 conference on USENIX Annual technical conference
Rump file systems: kernel code reborn
USENIX'09 Proceedings of the 2009 conference on USENIX Annual technical conference
Stable deterministic multithreading through schedule memoization
OSDI'10 Proceedings of the 9th USENIX conference on Operating systems design and implementation
Making the common case the only case with anticipatory memory allocation
FAST'11 Proceedings of the 9th USENIX conference on File and stroage technologies
Symbolic execution for software testing in practice: preliminary assessment
Proceedings of the 33rd International Conference on Software Engineering
Partial replay of long-running applications
Proceedings of the 19th ACM SIGSOFT symposium and the 13th European conference on Foundations of software engineering
Using declarative invariants for protecting file-system integrity
PLOS '11 Proceedings of the 6th Workshop on Programming Languages and Operating Systems
Server-side verification of client behavior in online games
ACM Transactions on Information and System Security (TISSEC)
Towards reliable storage systems
Towards reliable storage systems
Making the common case the only case with anticipatory memory allocation
ACM Transactions on Storage (TOS)
Scalable testing of file system checkers
Proceedings of the 7th ACM european conference on Computer Systems
Recon: verifying file system consistency at runtime
FAST'12 Proceedings of the 10th USENIX conference on File and Storage Technologies
File system virtual appliances: Portable file system implementations
ACM Transactions on Storage (TOS)
Recon: Verifying file system consistency at runtime
ACM Transactions on Storage (TOS)
SymDrive: testing drivers without devices
OSDI'12 Proceedings of the 10th USENIX conference on Operating Systems Design and Implementation
Symbolic execution for software testing: three decades later
Communications of the ACM
Verifying systems rules using rule-directed symbolic execution
Proceedings of the eighteenth international conference on Architectural support for programming languages and operating systems
Hi-index | 0.02 |
Many current systems allow data produced by potentially malicious sources to be mounted as a file system. File system code must check this data for dangerous values or invariant violations before using it. Because file system code typically runs inside the operating system kernel, even a single unchecked value can crash the machine or lead to an exploit. Unfortunately, validating file system images is complex: they form DAGs with complex dependency relationships across massive amounts of data bound together with intricate, undocumented assumptions. This paper shows how to automatically find bugs in such code using symbolic execution. Rather than running the code on manually-constructed concrete input, we instead run it on symbolic input that is initially allowed to be "anything." As the code runs, it observes (tests) this input and thus constrains its possible values. We generate test cases by solving these constraints for concrete values. The approach works well in practice: we checked the disk mounting code of three widely-used Linux file systems: ext2, ext3, and JFS and found bugs in all of them where malicious data could either cause a kernel panic or form the basis of a buffer overflow attack.