[File attributes]:
File name: an Infrastructure for Examining Security Properties
File size: 208KB
File format: PDF
Updated: 2012-04-03 01:28:52
rtos,security,project,software
We describe a formal approach for finding bugs in security-relevant software and verifying their absence. The idea is as follows: we identify rules of safe programming practice, encode them as safety properties, and verify whether these properties are obeyed. Because manual verification is too expensive, we have built a program analysis tool to automate this process. Our program analysis models the program to be verified as a pushdown automaton, represents the security property as a finite state automaton, and uses model checking techniques to identify whether any state violating the desired security goal is reachable in the program. The major advantages of this approach are that it is sound in verifying the absence of certain classes of vulnerabilities, that it is fully interprocedural, and that it is efficient and scalable. Experience suggests that this approach will be useful in finding a wide range of security vulnerabilities in large programs efficiently.
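As an added illustration (not code from the paper or its tool) of the abstract's idea, the following toy checker represents a safety property as a finite state automaton and a program as procedures that emit property-relevant events, then computes context-sensitively which automaton states are reachable. Procedure summaries refined to a fixpoint stand in for the pushdown automaton's stack; the property, the event names and the program model are all constructed for this example.

```python
from typing import Dict, List, Set, Tuple, Union

# A statement is an event name, a call ('call', proc) or a branch ('choice', [body, ...]).
Body = List[Union[str, Tuple]]

class SafetyFSA:
    """Safety property as a finite automaton; error states are absorbing so that
    a violation anywhere on a path is still visible when the procedure returns."""
    def __init__(self, start: str, delta: Dict[Tuple[str, str], str], error: Set[str]):
        self.start, self.delta, self.error = start, delta, error
        self.states = {start, *error, *(x for (src, _), dst in delta.items() for x in (src, dst))}

    def step(self, state: str, event: str) -> str:
        if state in self.error:
            return state
        return self.delta.get((state, event), state)  # events the property ignores leave the state alone

def check(program: Dict[str, Body], entry: str, fsa: SafetyFSA) -> List[str]:
    """Error states reachable from `entry`. Each procedure gets a summary (FSA state on
    entry -> FSA states on exit) refined to a fixpoint, which matches calls with returns."""
    summaries: Dict[str, Dict[str, Set[str]]] = {p: {} for p in program}

    def run(body: Body, states: Set[str]) -> Set[str]:
        for stmt in body:
            if isinstance(stmt, str):
                states = {fsa.step(s, stmt) for s in states}
            elif stmt[0] == 'call':
                states = set().union(*(summaries[stmt[1]].get(s, set()) for s in states))
            else:  # 'choice': any branch may run, so take the union of their results
                states = set().union(*(run(alt, states) for alt in stmt[1]))
        return states

    changed = True
    while changed:  # finite lattice, so the iteration terminates
        changed = False
        for name, body in program.items():
            for s in fsa.states:
                out = run(body, {s})
                if not out <= summaries[name].get(s, set()):
                    summaries[name].setdefault(s, set()).update(out)
                    changed = True
    return sorted(summaries[entry].get(fsa.start, set()) & fsa.error)

# Constructed property: a descriptor must not be used after it has been closed.
USE_AFTER_CLOSE = SafetyFSA('CLOSED', {('CLOSED', 'open'): 'OPEN', ('OPEN', 'close'): 'CLOSED',
                                       ('CLOSED', 'use'): 'ERR'}, {'ERR'})
# Constructed program model, keeping only the security-relevant events.
PROGRAM: Dict[str, Body] = {
    'handle': [('choice', [['use'], ['close']])],          # closes on one branch only
    'main': ['open', ('call', 'handle'), 'use'],           # use after a possible close
    'safe_main': ['open', ('call', 'handle'), 'close'],
    'nested': [('choice', [[], ['open', ('call', 'nested'), 'use', 'close']])],  # recursive
}
```

`check(PROGRAM, 'main', USE_AFTER_CLOSE)` reports `['ERR']` because one branch of `handle` closes the descriptor before `main` uses it, while `safe_main` reports nothing; the recursive `nested` case shows that the summaries also handle the violation only an inner call can introduce.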
User comments
- Security testing of programs is still something I'm exploring; this was of some help~~