Results 1 - 5 of 5
Towards automatic discovery of deviations in binary implementations with applications to error detection and fingerprint generation
In Proceedings of the 16th USENIX Security Symposium (Security’07), 2007
Cited by 43 (15 self)
Different implementations of the same protocol specification usually contain deviations, i.e., differences in how they check and process some of their inputs. Deviations are commonly introduced as implementation errors or as different interpretations of the same specification. Automatic discovery of these deviations is important for several applications. In this paper, we focus on automatic discovery of deviations for two particular applications: error detection and fingerprint generation. We propose a novel approach for automatically detecting deviations in the way different implementations of the same specification check and process their input. Our approach has several advantages: (1) by automatically building symbolic formulas from the implementation, our approach is precisely faithful to the implementation; (2) by solving formulas created from two different implementations of the same specification, our approach significantly reduces the number of inputs needed to find deviations; (3) our approach works on binaries directly, without access to the source code. We have built a prototype implementation of our approach and have evaluated it using multiple implementations of two different protocols: HTTP and NTP. Our results show that our approach successfully finds deviations between different implementations, including errors in input checking, and differences in the interpretation of the specification, which can be used as fingerprints.
Automatic Generation of Polynomial Loop Invariants: Algebraic Foundations
In International Symposium on Symbolic and Algebraic Computation 2004 (ISSAC04), 2004
Cited by 29 (4 self)
This paper presents the algebraic foundation for an approach for generating polynomial loop invariants in imperative programs. It is first shown that the set of polynomials serving as loop invariants has the algebraic structure of an ideal. Using this connection, a procedure for finding loop invariants is given in terms of operations on ideals, for which Gröbner basis constructions can be employed. Most importantly, it is proved that if the assignment statements in a loop are solvable (in particular, affine) mappings with positive eigenvalues, then the procedure terminates in at most 2m + 1 iterations, where m is the number of variables in the loop. The proof is done by showing that the irreducible subvarieties of the variety associated with the polynomial ideal approximating the invariant polynomial ideal of the loop either stay the same or increase their dimension in every iteration. This yields a correct and complete algorithm for inferring conjunctions of polynomial equations as invariants. The method has been implemented in Maple using the Groebner package. The implementation has been used to automatically discover nontrivial invariants for several examples to illustrate the power of the techniques.
An abstract interpretation approach for automatic generation of polynomial invariants
In 11th Static Analysis Symposium, 2004
Cited by 15 (4 self)
A method for generating polynomial invariants of imperative programs is presented using the abstract interpretation framework. It is shown that for programs with polynomial assignments, an invariant consisting of a conjunction of polynomial equalities can be automatically generated for each program point. The proposed approach takes into account tests in conditional statements as well as in loops, insofar as they can be abstracted to be polynomial equalities and disequalities. The semantics of each statement is given as a transformation on polynomial ideals. Merging of paths in a program is defined as the intersection of the polynomial ideals associated with each path. For a loop junction, a widening operator based on selecting polynomials up to a certain degree is proposed. The algorithm for finding invariants using this widening operator is shown to terminate in finitely many steps. The proposed approach has been implemented and successfully tried on many programs. A table providing details about the programs is given.
Methods for the prevention, detection and removal of software security vulnerabilities
Proceedings of the 42nd Annual Southeast Regional Conference, 2004
Cited by 1 (0 self)
Over the past decade, the need to build secure software has become a dominant goal in software development. Consequently, software researchers and practitioners have identified ways that malicious users can exploit software and how developers can fix the vulnerabilities. They have also built a variety of source code security checking software applications to partially automate the task of performing a security analysis of a program. Although great advances have been made in this area, the core problem of how the security vulnerabilities occur still exists. An answer to this problem could be a paradigm shift from imperative to functional programming techniques. This may hold the key to removing software vulnerabilities altogether.