Title :
Automated vulnerability detection for compiled smart grid software
Author :
Prowell, S.J. ; Pleszkoch, M. ; Sayre, K.D. ; Linger, R.C.
Author_Institution :
Oak Ridge Nat. Lab., Oak Ridge, TN, USA
Abstract :
While testing performed with proper experimental controls can provide scientifically quantifiable evidence that software does not contain unintentional vulnerabilities (bugs), it is insufficient to show that intentional vulnerabilities exist, and impractical to certify devices for the expected long lifetimes of use. For both of these needs, rigorous analysis of the software itself is essential. Automated software behavior computation applies rigorous static software analysis methods based on function extraction (FX) to compiled software to detect vulnerabilities, intentional or unintentional, and to verify critical functionality. This analysis is based on the compiled firmware, takes into account machine precision, and does not rely on heuristics or approximations early in the analysis.
Keywords :
automatic test software; firmware; life testing; power engineering computing; program compilers; program diagnostics; program testing; reasoning about programs; software reliability; automated software behavior computation; automated vulnerability detection; compiled firmware; compiled smart grid software; critical functionality verification; device certification; device lifetimes; function extraction; intentional vulnerabilities; machine precision; rigorous static software analysis; software vulnerability; unintentional vulnerabilities; Catalogs; Computer security; Educational institutions; Laboratories; Semantics; Software; Software engineering; Smart grids; formal verification; reasoning about programs; vulnerability detection;
Conference_Titel :
Innovative Smart Grid Technologies (ISGT), 2012 IEEE PES
Conference_Location :
Washington, DC
Print_ISBN :
978-1-4577-2158-8
DOI :
10.1109/ISGT.2012.6175814
