Safety in Numbers

Abstract

Using large-scale distributed resources can help find vulnerabilities and malicious code. This project studied the feasibility of distributing two kinds of static analyses of machine code across large-scale donated computational cycles: conventional static analyses for finding bugs and vulnerabilities, and concolic execution to find test cases that trigger rare, possibly maliciously hidden, code paths. We demonstrated that concolic execution is particularly suited to large-scale distributed execution since its core computational loop is very parallelizable and communication costs are small. We assessed a large number of possible parallel architectures and experimented in depth with three. In the process of expanding and scaling our concolic engine for this application, we also devised a means to "fuzz" its semantic representation of machine code and so were able to demonstrate a general technique for validating abstract representations of machine code semantics.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Nov 27, 2010
Accession Number
ADA532995

Entities

People

  • Alexey Loginov
  • David Cok
  • David Melski
  • Denis Gopen
  • John Phillips
  • Lindsay Kuper
  • Nathan Lloyd
  • Scott Wisniewski
  • Suan H. Yong

Organizations

  • GrammaTech

Tags

Communities of Interest

  • Cyber
  • Human Systems

DTIC Thesaurus Topics

  • Computational Science
  • Computer Languages
  • Computer Programming
  • Computer Programs
  • Computer Science
  • Computers
  • Cybersecurity
  • High Performance Computing
  • Instruction Set Architecture
  • Language
  • Linguistics
  • Operating Systems
  • Parallel Computing
  • Parallel Processing
  • Programming Languages
  • Software Development
  • Test Methods

Fields of Study

  • Computer science
  • Engineering

Readers

  • Applied Combinatorial Optimization and Logic Circuit Design.
  • Computational Linguistics
  • Computational Modeling and Simulation