Title :
Model-Checking for Software Vulnerabilities Detection with Multi-Language Support
Author :
Hadjidj, Rachid ; Yang, Xiaochun ; Tlili, Syrine ; Debbabi, Mourad
Author_Institution :
Comput. Security Lab., Concordia Univ., Montreal, QC
Abstract :
In this paper we develop a security verification framework for open source software with a multi-language support. We base our approach on the GCC compiler which is considered as the defacto open source compiler for several languages including C, C++, JAVA, ADA, FORTRAN,etc. To achieve our goal we use a conventional push down system model-checker for reachability properties, and turn it into a fully-fledged verification tool for both low and high level software security properties. We also allow programmers to define a wide range of temporal security properties using an automata-based specification approach. As a result, our approach can model-check large scale software against system-specific security properties.
Keywords :
C++ language; FORTRAN; Java; formal specification; formal verification; program compilers; public domain software; reachability analysis; security of data; GCC compiler; automata-based specification approach; fully-fledged verification tool; multilanguage support; open source software; push down system model-checker; reachability properties; security verification framework; software vulnerabilities detection; system-specific security properties; Automata; Computer security; Data security; Information security; Java; Laboratories; Motorcycles; Open source software; Programming profession; Software systems; Model-Checkin; Software Vulnerabilities Detection; software security; static verification;
Conference_Titel :
Privacy, Security and Trust, 2008. PST '08. Sixth Annual Conference on
Conference_Location :
Fredericton, NB
Print_ISBN :
978-0-7695-3390-2
DOI :
10.1109/PST.2008.21
