We introduce abstract interpretation frameworks which are variations on the archetypal framework using Galois connections between concrete and abstract semantics, widenings and narrowings and are obtained by relaxation of the original hypotheses. We consider various ways of establishing

Dedicated to Zohar Manna, for his 2 6 th birthday. Abstract. Abstract interpretation theory formalizes the idea of abstraction of mathematical structures, in particular those involved in the specification of properties and proof methods of computer systems. Verification by abstract interpretation

Abstract interpretation is a theory of semantics approximation which is usedfor the construction of semantics-basedprogram analysis algorithms (sometimes called“data flow analysis”), the comparison of formal semantics (e.g., construction of a denotational semantics from an operational one

Completeness in abstract interpretation is an ideal situation where the abstract semantics is able to take full advantage of the power of representation of the underlying abstract domain. Thus, complete abstract interpretations can be rightfully considered as optimal. In this article, we develop a

The Problem. A malware is a program with a malicious behaviour, that is designed to replicate with no user consent and to damage software and/or data on infected machines. Malware are generally classified according to their goals and propagation methods into viruses, worms, backdoors, Trojans, etc. A malware detector is a system that attempts to verify whether a program presents a malicious behaviour or not. The design of efficient malware detectors is crucial for preventing serious damages caused by malware infection. Current malware detectors (e.g. commercial virus scanners) in general rely on static signature matching and, more recently, on dynamic analyses [9]. The dynamic approach executes the potentially infected program in a controlled environment (sandbox) thus performing a run-time verification of malicious behaviours. However, smart malware may foil a dynamic analysis by modifying their behaviour when executed in a sandbox. Static signature matching classifies a program P as infected by a malware M when an instruction sequence of P matches the characteristic instruction sequence of M. Malware writers frequently use obfuscation to prevent signature matching detection. Code obfuscation [3] consists in syntactically transforming a program while maintaining

The Problem. A malware is a program with a malicious behaviour, that is designed to replicate with no user consent and to damage software and/or data on infected machines. Malwares are generally classified according to their goals and propagation methods into viruses, worms, backdoors, Trojans, etc. A malware detector is a system that attempts to verify whether a program presents a malicious behaviour or not. The design of efficient malware detectors is crucial for preventing serious damages caused by malware infection. Current malware detectors (e.g. commercial virus scanners) in general rely on static signature matching and, more recently, on dynamic analyses [9]. The dynamic approach executes the potentially infected program in a controlled environment (sandbox) thus performing a run-time verification of malicious behaviours. However, smart malwares may foil a dynamic analysis by modifying their behaviour when executed in a sandbox. Static signature matching classifies a program P as infected by a malware M when an instruction sequence of P matches the characteristic instruction sequence of M. Malware writers frequently use obfuscation to prevent signature matching detection. Code obfuscation [3] consists in syntactically transforming a program while maintaining

Abstract not found

We present a logical framework in which abstract interpretations can be naturally specified and then verified. Our approach is based on membership equational logic which extends equational logics by membership axioms, asserting that a term has a certain sort. We represent an abstract interpretation

Reduced product of abstract domains is a rather well-known operation for domain composition in abstract interpretation. In this article, we study its inverse operation, introducing a notion of domain complementation in abstract interpretation. Complementation provides a systematic way to design new

interpreters over given lattices to construct an abstract interpreter for the combination of those lattices. This lends modularity to the process of design and implementation of abstract interpreters. We define the notion of logical product of lattices. This kind of combination is more precise than