Cross-Boundary Security Analysis

Abstract

The goal of the project was to develop new methods to discover security vulnerabilities and security exploits. The research involved static analysis, dynamic analysis, and symbolic execution of software at both the source-code and machine-code levels. An aspect that distinguished the approach taken in the project from previous work was the attempt to uncover security problems due to differences in outlook between different levels of a system -- an approach called cross-boundary security analysis. The term refers both to (i) translation effects where the source-level outlook and the machine-code-level outlook differ, as well as (ii) differences in outlook between a source-level view of a component's API and the machine code that implements the component, which can sometimes allow a sequence of API calls to drive a program to a bad state. In both cases, one has two different artifacts that are supposed to have the same semantics, but whose semantics actually differ.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Apr 01, 2013
Accession Number
ADA575881

Entities

People

  • Thomas W. Reps

Organizations

  • University of Wisconsin Madison Department of Computer Science

Tags

Communities of Interest

  • Cyber
  • Energy and Power Technologies

DTIC Thesaurus Topics

  • Air Force Research Laboratories
  • Algorithms
  • Automata
  • Computer Programming
  • Computer Programs
  • Computer Science
  • Computers
  • Debugging
  • Department Of Defense
  • Instruction Set Architecture
  • Language
  • Machine Languages
  • Operating Systems
  • Programming Languages
  • Software Development
  • Technology Transfer
  • Vulnerability

Fields of Study

  • Computer science
  • Engineering

Readers

  • Cybersecurity.
  • Database Systems and Applications
  • Systems Analysis and Design