Title :
Formally Analyzing Software Vulnerability Based on Model Checking
Author :
Chunlei, Wang ; MinHuan, Huang ; Ronghui, He
Author_Institution :
Dept. of Comput. Sci., Tsinghua Univ., Beijing
Abstract :
This paper presents a study of the security vulnerability analysis based upon the formal methods and model checking tools. Through deeply exploring the characteristics of software vulnerabilities, we develop the FSM model to formalize and reason about security vulnerabilities. The vulnerability is modeled as a series of elementary FSMs (eFSMs), which specifies a derived predicate. We have proposed a fully automatic method for verifying that a particular program model (FSM) satisfies a given security property. Our work contributes to bridging the gap between abstract specifications of security properties and their actual implementations in program. The effectiveness and the practical usefulness of the approach are exemplified by an illustrative analysis of heap overflow vulnerability.
Keywords :
formal verification; security of data; software performance evaluation; systems analysis; abstract specifications; formal methods; model checking tools; security vulnerability analysis; software formal analysis; software vulnerability; Application software; Automata; Communication system security; Communication system software; Computer networks; Computer science; Computer security; Helium; Information security; Wireless communication; formal method; model checking; software analysis; software vulnerability;
Conference_Titel :
Networks Security, Wireless Communications and Trusted Computing, 2009. NSWCTC '09. International Conference on
Conference_Location :
Wuhan, Hubei
Print_ISBN :
978-1-4244-4223-2
DOI :
10.1109/NSWCTC.2009.104
