Model checking an entire Linux distribution for security violations
B. Schwarz, Hao Chen, David Wagner, G. Morrison, J. West, J. Lin, Wei Tu +6 more
- 05 Dec 2005
- pp 13-22
TL;DR: The results indicate that model checking can be both a feasible and integral part of the software development process.
Abstract: Software model checking has become a popular tool for verifying programs' behavior. Recent results suggest that it is viable for finding and eradicating security bugs quickly. However, even state-of-the-art model checkers are limited in use when they report an overwhelming number of false positives, or when their lengthy running time dwarfs other software development processes. In this paper we report our experiences with software model checking for security properties on an extremely large scale - an entire Linux distribution consisting of 839 packages and 60 million lines of code. To date, we have discovered 108 exploitable bugs. Our results indicate that model checking can be both a feasible and integral part of the software development process.
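The abstract describes checking security properties over whole programs without saying how such a check is phrased. The toy below is an added illustration, not the paper's checker and not its rule set: it encodes one temporal rule of the kind the Ashcraft/Engler reference quotes ("integers from untrusted sources must be sanitized before use") as a small automaton, and then explores the product of that automaton with a program's control-flow graph, which is the basic reachability step a software model checker performs. The CFGs, event labels and node names are constructed for the example.

```python
"""Toy model checker: reachability in the product of a control-flow graph and
a property automaton.  Added illustration; the paper's tool, properties and
bug list are not reproduced here.  Everything below is constructed."""
from collections import deque

# Property automaton for the constructed rule "an integer read from an
# untrusted source must be bounds-checked before it is used as an array index".
# Missing (state, event) pairs leave the state unchanged.
TAINT_RULE = {
    ("clean", "read_untrusted"): "tainted",
    ("tainted", "bounds_check"): "clean",
    ("tainted", "use_as_index"): "error",
}
INITIAL = "clean"
ERROR = "error"


def check(cfg, entry, rule=TAINT_RULE, initial=INITIAL, error=ERROR):
    """Breadth-first search over (cfg node, automaton state) pairs.

    cfg: {node: (event, [successor nodes])}.
    Returns the shortest sequence of CFG nodes that drives the automaton into
    `error`, or None if no path does.  Because the visited set is over product
    states rather than concrete paths, loops terminate and the cost is
    O(|cfg| * |automaton states|) regardless of how many paths the CFG has.
    """
    start = (entry, initial)
    parent = {start: None}          # product state -> predecessor product state
    queue = deque([start])
    while queue:
        node, state = queue.popleft()
        event, successors = cfg[node]
        next_state = rule.get((state, event), state)
        if next_state == error:
            # Reconstruct the violating path back to the entry node.
            path = [node]
            cur = parent[(node, state)]
            while cur is not None:
                path.append(cur[0])
                cur = parent[cur]
            return list(reversed(path))
        for succ in successors:
            key = (succ, next_state)
            if key not in parent:
                parent[key] = (node, state)
                queue.append(key)
    return None


# Constructed CFG of a function that reads an index from the network, checks
# it on one branch only, indexes a table, and loops back to read again.
UNSANITIZED = {
    "entry":      ("other",          ["read"]),
    "read":       ("read_untrusted", ["if_verbose", "check"]),
    "if_verbose": ("other",          ["use"]),      # debug branch skips the check
    "check":      ("bounds_check",   ["use"]),
    "use":        ("use_as_index",   ["read", "exit"]),
    "exit":       ("other",          []),
}

# Same function with the debug branch routed through the check.
FIXED = dict(UNSANITIZED)
FIXED["if_verbose"] = ("other", ["check"])


if __name__ == "__main__":
    print("unsanitized:", check(UNSANITIZED, "entry"))
    print("fixed:      ", check(FIXED, "entry"))
```

The returned path is the witness a practitioner would triage: for the unsanitized CFG it names the branch on which the check is skipped, while the fixed CFG yields no witness even though it contains a loop. Scaling this to a distribution is where the abstract's concerns about false positives and running time come in: the product-state bound keeps each check cheap, but the event labels on real code must be assigned precisely or every branch that merely looks like an unchecked use becomes a report.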
Citations
A study of android application security
William Enck, Damien Octeau, Patrick McDaniel, Swarat Chaudhuri +3 more
- 08 Aug 2011
TL;DR: A horizontal study of popular free Android applications uncovered pervasive use/misuse of personal/ phone identifiers, and deep penetration of advertising and analytics networks, but did not find evidence of malware or exploitable vulnerabilities in the studied applications.
Exploiting Unix File-System Races via Algorithmic Complexity Attacks
Xiang Cai, Yuwei Gui, Rob Johnson +2 more
- 17 May 2009
TL;DR: It is concluded that programmers should use provably-secure methods for avoiding race conditions when accessing the file-system and all kernel-based dynamic race detectors must have a model of the programs they protect or provide imperfect protection.
Understanding the Evolution of Android App Vulnerabilities
TL;DR: This work uses a data stream of 5 million app packages to reconstruct versioned lineages of Android apps, and applies state-of-the-art vulnerability-finding tools and investigates systematically the reports produced by each tool, study which types of vulnerabilities are found, how they are introduced in the app code, where they are located, and whether they foreshadow malware.
Portably solving file TOCTTOU races with hardness amplification
Dan Tsafrir, Tomer Hertz, David Wagner, Dilma Da Silva +3 more
- 26 Feb 2008
TL;DR: The fact that this approach is immune to these unrealistic attacks suggests it can be used as a simple and portable solution to a large class of TOCTTOU vulnerabilities, without requiring modifications to the underlying operating system.
Test-Driving Static Analysis Tools in Search of C Code Vulnerabilities
George Chatzieleftheriou, Panagiotis Katsaros +1 more
- 18 Jul 2011
TL;DR: Four open source and two commercial tools are compared in terms of their effectiveness and efficiency of their detection capability and a test suite implementing the discussed requirements for frequent defects selected from public catalogues is introduced.
References
The SLAM project: debugging system software via static analysis
Thomas Ball, Sriram K. Rajamani +1 more
- 01 Jan 2002
TL;DR: This work has successfully applied the SLAM toolkit to Windows XP device drivers, to both validate behavior and find defects in their usage of kernel APIs.
Detecting format string vulnerabilities with type qualifiers
Umesh Shankar, Kunal Talwar, Jeffrey S. Foster, David Wagner +3 more
- 13 Aug 2001
TL;DR: A new system for automatically detecting format string security vulnerabilities in C programs using a constraint-based type-inference engine and new techniques for presenting the results of such an analysis to the user in a form that makes bugs easier to find and to fix are presented.
Modular verification of software components in C
Sagar Chaki, Edmund M. Clarke, Alex Groce, Somesh Jha, Helmut Veith +4 more
- 03 May 2003
TL;DR: This work presents a new methodology for automatic verification of C programs against finite state machine specifications that uses weak simulation as the notion of conformance between the program and its specification.
Using programmer-written compiler extensions to catch security holes
Ken Ashcraft, Dawson Engler +1 more
- 12 May 2002
TL;DR: This paper shows how system-specific static analysis can find security errors that violate rules such as "integers from untrusted sources must be sanitized before use" and "do not dereference user-supplied pointers."
Related Papers (5)
Eugene Tsyrklevich, Bennet Yee +1 more
- 04 Aug 2003
Jinpeng Wei, Calton Pu +1 more
- 13 Dec 2005
Hao Chen, Drew Dean, David Wagner +2 more
- 01 Jan 2004
Dawson Engler, Ken Ashcraft +1 more
- 19 Oct 2003