Hardware and Software: Verification and Testing

Software Model Checking (SMC) is one of the most effective automated program verification techniques available today. SMC is applicable to a large range of programs and properties and is capable of producing both counterexamples (i.e., program executions that show how the program violates the property) and certificates (i.e., inductive proofs that justify why the property holds in all program executions). In this tutorial, I will demonstrate the Software Model Checker SeaHorn, currently developed in a collaboration between the University of Waterloo and SRI International. SeaHorn provides a verification environment built on top of LLVM, an industrial compiler infrastructure. SeaHorn combines traditional and advanced Software Model Checking algorithms based on Satisfiability Modulo Theories (SMT) with Abstract Interpretation and many unique abstract domains. While being a state-of-the-art SMC, SeaHorn also provides infrastructure for conducting research in automated program analysis.

Combinatorial Security Testing: Quo Vandis?
