Model checking an entire Linux distribution for security violations

21st Annual Computer Security Applications Conference (ACSAC'05) Pub Date : 2005-12-05 DOI:10.1109/CSAC.2005.39
Benjamin Schwarz, Hao Chen, D. Wagner, Jeremy Lin, Wei Tu, Geoff Morrison, Jacob West
{"title":"Model checking an entire Linux distribution for security violations","authors":"Benjamin Schwarz, Hao Chen, D. Wagner, Jeremy Lin, Wei Tu, Geoff Morrison, Jacob West","doi":"10.1109/CSAC.2005.39","DOIUrl":null,"url":null,"abstract":"Software model checking has become a popular tool for verifying programs' behavior. Recent results suggest that it is viable for finding and eradicating security bugs quickly. However, even state-of-the-art model checkers are limited in use when they report an overwhelming number of false positives, or when their lengthy running time dwarfs other software development processes. In this paper we report our experiences with software model checking for security properties on an extremely large scale - an entire Linux distribution consisting of 839 packages and 60 million lines of code. To date, we have discovered 108 exploitable bugs. Our results indicate that model checking can be both a feasible and integral part of the software development process","PeriodicalId":422994,"journal":{"name":"21st Annual Computer Security Applications Conference (ACSAC'05)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2005-12-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"71","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"21st Annual Computer Security Applications Conference (ACSAC'05)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CSAC.2005.39","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 71

Abstract

Software model checking has become a popular tool for verifying programs' behavior. Recent results suggest that it is viable for finding and eradicating security bugs quickly. However, even state-of-the-art model checkers are limited in use when they report an overwhelming number of false positives, or when their lengthy running time dwarfs other software development processes. In this paper we report our experiences with software model checking for security properties on an extremely large scale - an entire Linux distribution consisting of 839 packages and 60 million lines of code. To date, we have discovered 108 exploitable bugs. Our results indicate that model checking can be both a feasible and integral part of the software development process
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
模型检查整个Linux发行版的安全违规
软件模型检查已成为验证程序行为的一种流行工具。最近的结果表明,它对于快速发现和根除安全漏洞是可行的。然而,即使是最先进的模型检查器,当它们报告大量的误报时,或者当它们漫长的运行时间使其他软件开发过程相形见绌时,它们的使用也受到限制。在这篇论文中,我们报告了我们在一个极其大规模的软件模型安全属性检查方面的经验——整个Linux发行版由839个包和6000万行代码组成。到目前为止,我们已经发现了108个可利用的漏洞。我们的结果表明,模型检查可以是软件开发过程中一个可行的和不可分割的部分
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
21st Annual Computer Security Applications Conference (ACSAC'05)
21st Annual Computer Security Applications Conference (ACSAC'05)
自引率
0.00%
发文量
0
期刊最新文献
User-centered security: stepping up to the grand challenge Countering trusting trust through diverse double-compiling Automatic generation of buffer overflow attack signatures: an approach based on program behavior models Evolving successful stack overflow attacks for vulnerability testing Replay attack in TCG specification and solution
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1