Formally Analyzing Software Vulnerability Based on Model Checking

Author

Chunlei, Wang ; MinHuan, Huang ; Ronghui, He

Author_Institution

Dept. of Comput. Sci., Tsinghua Univ., Beijing

Volume

1

fYear

2009

fDate

25-26 April 2009

Firstpage

615

Lastpage

618

Abstract

This paper presents a study of the security vulnerability analysis based upon the formal methods and model checking tools. Through deeply exploring the characteristics of software vulnerabilities, we develop the FSM model to formalize and reason about security vulnerabilities. The vulnerability is modeled as a series of elementary FSMs (eFSMs), which specifies a derived predicate. We have proposed a fully automatic method for verifying that a particular program model (FSM) satisfies a given security property. Our work contributes to bridging the gap between abstract specifications of security properties and their actual implementations in program. The effectiveness and the practical usefulness of the approach are exemplified by an illustrative analysis of heap overflow vulnerability.

Keywords

formal verification; security of data; software performance evaluation; systems analysis; abstract specifications; formal methods; model checking tools; security vulnerability analysis; software formal analysis; software vulnerability; Application software; Automata; Communication system security; Communication system software; Computer networks; Computer science; Computer security; Helium; Information security; Wireless communication; formal method; model checking; software analysis; software vulnerability;

fLanguage

English

Publisher

ieee

Conference_Titel

Networks Security, Wireless Communications and Trusted Computing, 2009. NSWCTC '09. International Conference on

Conference_Location

Wuhan, Hubei

Print_ISBN

978-1-4244-4223-2

Type

conf

DOI

10.1109/NSWCTC.2009.104

Filename

4908340