Conference papers

High-Precision Sound Analysis to Find Safety and Cybersecurity Defects

Abstract: In recent years, security concerns have become more and more relevant for safety-critical systems. Many cybersecurity vulnerabilities are caused by runtime errors, hence sound static runtime error analysis contributes to meeting both safety and security goals. In addition, cybersecurity goals often require sophisticated data and control flow analyses, e.g., to track the effects of corrupted values, or to determine dependence on potentially corrupted inputs. A sound analysis can guarantee that neither control flow paths nor read or write accesses are missed, even in the case of data or function pointer accesses. To be feasible for industrial use, a static analyzer must be precise, i.e., produce few false alarms, and it must be user-configurable to allow analyzing specific data and control flow properties. It must also support efficient alarm investigation to minimize the manual effort needed to review the findings of the analyzer. In this article we give an overview of novel extensions of the sound static analyzer Astrée to minimize the false alarm rate, and to support advanced data and control flow analysis by taint analysis and analysis-enhanced program slicing. We describe an application of Astrée's taint analysis framework to detect Spectre v1/1.1/SplitSpectre vulnerabilities. Astrée's program slicer can also be applied for alarm slicing, which can significantly reduce the manual effort of reviewing the analyzer findings. Practical experience is reported on industrial avionic and automotive applications.
Cited literature: 18 references
Contributor: Daniel Kästner
Submitted on: Friday, February 14, 2020 - 1:28:43 PM
Last modification on: Thursday, February 20, 2020 - 1:35:27 AM
Long-term archiving on: Friday, May 15, 2020 - 4:04:13 PM
HAL Id: hal-02479217, version 1

Daniel Kästner, Laurent Mauborgne, Stephan Wilhelm, Christian Ferdinand. High-Precision Sound Analysis to Find Safety and Cybersecurity Defects. 10th European Congress on Embedded Real Time Software and Systems (ERTS 2020), Jan 2020, TOULOUSE, France. ⟨hal-02479217⟩