A proof-based approach to detect vulnerabilities in C programs

Amel Mammar 1, 2, 3 Pengfei Liu 4, 5
1 METHODES-SAMOVAR - Méthodes et modèles pour les réseaux
SAMOVAR - Services répartis, Architectures, MOdélisation, Validation, Administration des Réseaux
5 Phoenix - Programming Language Technology For Communication Services
LaBRI - Laboratoire Bordelais de Recherche en Informatique, Inria Bordeaux - Sud-Ouest, EA4136 - Handicap et système nerveux :Action, communication, interaction: rétablissement de la fonction et de la participation [Bordeaux]
Abstract : This paper presents a formal approach to detect vulnerabilities in a C program using the B formal method. Vulnerabilities denote faults that may be introduced unintentionally into programs making them behave incorrectly. Such faults (or programing errors) may lead to unpredictable behavior and even worse well-motivated attackers may exploit them later to cause real damage. Basically, the proposed approach consists in translating the vulnerable aspects of a C program into a B specification. On this B specification proof and model checking activities are performed in order to detect the presence or absence of vulnerabilities. Compared to the existing vulnerability detection techniques, a proof-based approach permits to eliminate false alarms and denial of service attacks
Liste complète des métadonnées

https://hal.archives-ouvertes.fr/hal-01302477
Contributor : Médiathèque Télécom Sudparis & Institut Mines-Télécom Business School <>
Submitted on : Thursday, April 14, 2016 - 1:58:54 PM
Last modification on : Tuesday, February 5, 2019 - 3:26:04 PM

Identifiers

  • HAL Id : hal-01302477, version 1

Citation

Amel Mammar, Pengfei Liu. A proof-based approach to detect vulnerabilities in C programs. SERP 2011 : International Conference on Software Engineering Research and Practice, Jul 2011, Las Vegas, United States. pp.464 - 470. ⟨hal-01302477⟩

Share

Metrics

Record views

188