多语言支持下软件漏洞检测的模型检验

2008 Sixth Annual Conference on Privacy, Security and Trust Pub Date : 2008-10-01 DOI:10.1109/PST.2008.21

Rachid Hadjidj, Xiaochun Yang, Syrine Tlili, M. Debbabi

{"title":"多语言支持下软件漏洞检测的模型检验","authors":"Rachid Hadjidj, Xiaochun Yang, Syrine Tlili, M. Debbabi","doi":"10.1109/PST.2008.21","DOIUrl":null,"url":null,"abstract":"In this paper we develop a security verification framework for open source software with a multi-language support. We base our approach on the GCC compiler which is considered as the defacto open source compiler for several languages including C, C++, JAVA, ADA, FORTRAN,etc. To achieve our goal we use a conventional push down system model-checker for reachability properties, and turn it into a fully-fledged verification tool for both low and high level software security properties. We also allow programmers to define a wide range of temporal security properties using an automata-based specification approach. As a result, our approach can model-check large scale software against system-specific security properties.","PeriodicalId":422934,"journal":{"name":"2008 Sixth Annual Conference on Privacy, Security and Trust","volume":"27 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2008-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"18","resultStr":"{\"title\":\"Model-Checking for Software Vulnerabilities Detection with Multi-Language Support\",\"authors\":\"Rachid Hadjidj, Xiaochun Yang, Syrine Tlili, M. Debbabi\",\"doi\":\"10.1109/PST.2008.21\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In this paper we develop a security verification framework for open source software with a multi-language support. We base our approach on the GCC compiler which is considered as the defacto open source compiler for several languages including C, C++, JAVA, ADA, FORTRAN,etc. To achieve our goal we use a conventional push down system model-checker for reachability properties, and turn it into a fully-fledged verification tool for both low and high level software security properties. We also allow programmers to define a wide range of temporal security properties using an automata-based specification approach. As a result, our approach can model-check large scale software against system-specific security properties.\",\"PeriodicalId\":422934,\"journal\":{\"name\":\"2008 Sixth Annual Conference on Privacy, Security and Trust\",\"volume\":\"27 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2008-10-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"18\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2008 Sixth Annual Conference on Privacy, Security and Trust\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/PST.2008.21\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2008 Sixth Annual Conference on Privacy, Security and Trust","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/PST.2008.21","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 18

摘要

本文开发了一个支持多语言的开源软件安全验证框架。我们的方法基于GCC编译器，它被认为是多种语言的事实上的开源编译器，包括C、c++、JAVA、ADA、FORTRAN等。为了实现我们的目标，我们使用传统的下推系统模型检查器来检查可达性属性，并将其转变为一个成熟的验证工具，用于低级和高级软件安全属性。我们还允许程序员使用基于自动机的规范方法定义范围广泛的临时安全属性。因此，我们的方法可以根据系统特定的安全属性对大规模软件进行模型检查。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

Model-Checking for Software Vulnerabilities Detection with Multi-Language Support

In this paper we develop a security verification framework for open source software with a multi-language support. We base our approach on the GCC compiler which is considered as the defacto open source compiler for several languages including C, C++, JAVA, ADA, FORTRAN,etc. To achieve our goal we use a conventional push down system model-checker for reachability properties, and turn it into a fully-fledged verification tool for both low and high level software security properties. We also allow programmers to define a wide range of temporal security properties using an automata-based specification approach. As a result, our approach can model-check large scale software against system-specific security properties.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2008 Sixth Annual Conference on Privacy, Security and Trust

自引率

0.00%

发文量

期刊最新文献

Incorporating Privacy Outcomes: Teaching an Old Dog New Tricks LogView: Visualizing Event Log Clusters Unlinkable Communication The Uncertainty of the Truth Model-Checking for Software Vulnerabilities Detection with Multi-Language Support