{"title":"DOVE:通过符号控制流断言挖掘来精确定位固件安全漏洞(正在进行中)","authors":"Alessandro Danese, G. Pravadelli, V. Bertacco","doi":"10.1145/3125502.3125541","DOIUrl":null,"url":null,"abstract":"In the past decade, the number of reported security attacks exploiting unchecked input firmware values has been on the rise. To address this concerning trend, this work proposes a novel detection framework, called DOVE, capable of identifying unlikely firmware execution flows, specifically those that may reveal a security vulnerability. The DOVE framework operates by leveraging a symbolic simulation of the firmware's execution, paired with a probability computation that can identify unlikely execution flows and provide to the user corresponding formal assertions.","PeriodicalId":350509,"journal":{"name":"Proceedings of the Twelfth IEEE/ACM/IFIP International Conference on Hardware/Software Codesign and System Synthesis Companion","volume":"12 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-10-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"DOVE: pinpointing firmware security vulnerabilities via symbolic control flow assertion mining (work-in-progress)\",\"authors\":\"Alessandro Danese, G. Pravadelli, V. Bertacco\",\"doi\":\"10.1145/3125502.3125541\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In the past decade, the number of reported security attacks exploiting unchecked input firmware values has been on the rise. To address this concerning trend, this work proposes a novel detection framework, called DOVE, capable of identifying unlikely firmware execution flows, specifically those that may reveal a security vulnerability. The DOVE framework operates by leveraging a symbolic simulation of the firmware's execution, paired with a probability computation that can identify unlikely execution flows and provide to the user corresponding formal assertions.\",\"PeriodicalId\":350509,\"journal\":{\"name\":\"Proceedings of the Twelfth IEEE/ACM/IFIP International Conference on Hardware/Software Codesign and System Synthesis Companion\",\"volume\":\"12 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2017-10-15\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the Twelfth IEEE/ACM/IFIP International Conference on Hardware/Software Codesign and System Synthesis Companion\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3125502.3125541\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the Twelfth IEEE/ACM/IFIP International Conference on Hardware/Software Codesign and System Synthesis Companion","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3125502.3125541","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
DOVE: pinpointing firmware security vulnerabilities via symbolic control flow assertion mining (work-in-progress)
In the past decade, the number of reported security attacks exploiting unchecked input firmware values has been on the rise. To address this concerning trend, this work proposes a novel detection framework, called DOVE, capable of identifying unlikely firmware execution flows, specifically those that may reveal a security vulnerability. The DOVE framework operates by leveraging a symbolic simulation of the firmware's execution, paired with a probability computation that can identify unlikely execution flows and provide to the user corresponding formal assertions.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
