A proof-based approach to detect vulnerabilities in C programs

Amel Mammar 1, 2, 3 Pengfei Liu 4, 5
1 METHODES-SAMOVAR - Méthodes et modèles pour les réseaux
SAMOVAR - Services répartis, Architectures, MOdélisation, Validation, Administration des Réseaux
5 Phoenix - Programming Language Technology For Communication Services
LaBRI - Laboratoire Bordelais de Recherche en Informatique, Inria Bordeaux - Sud-Ouest, EA4136 - Handicap et système nerveux :Action, communication, interaction: rétablissement de la fonction et de la participation [Bordeaux]
Abstract : This paper presents a formal approach to detect vulnerabilities in a C program using the B formal method. Vulnerabilities denote faults that may be introduced unintentionally into programs making them behave incorrectly. Such faults (or programing errors) may lead to unpredictable behavior and even worse well-motivated attackers may exploit them later to cause real damage. Basically, the proposed approach consists in translating the vulnerable aspects of a C program into a B specification. On this B specification proof and model checking activities are performed in order to detect the presence or absence of vulnerabilities. Compared to the existing vulnerability detection techniques, a proof-based approach permits to eliminate false alarms and denial of service attacks
Type de document :
Communication dans un congrès
SERP 2011 : International Conference on Software Engineering Research and Practice, Jul 2011, Las Vegas, United States. CSREA Press, Proceedings SERP 2011 : International Conference on Software Engineering Research and Practice, II, pp.464 - 470, 2011
Liste complète des métadonnées

https://hal.archives-ouvertes.fr/hal-01302477
Contributeur : Médiathèque Télécom Sudparis & Télécom Ecole de Management <>
Soumis le : jeudi 14 avril 2016 - 13:58:54
Dernière modification le : jeudi 9 février 2017 - 15:21:57

Identifiants

  • HAL Id : hal-01302477, version 1

Citation

Amel Mammar, Pengfei Liu. A proof-based approach to detect vulnerabilities in C programs. SERP 2011 : International Conference on Software Engineering Research and Practice, Jul 2011, Las Vegas, United States. CSREA Press, Proceedings SERP 2011 : International Conference on Software Engineering Research and Practice, II, pp.464 - 470, 2011. 〈hal-01302477〉

Partager

Métriques

Consultations de la notice

108