Adversarial Reachability for Program-level Security Analysis

Ducousso, Soline; Bardin, Sébastien; Potet, Marie-Laure

doi:10.1007/978-3-031-30044-8_3

Search citation statements

Order By: Relevance

Paper Sections

Select...

Citation Types

Supporting

Mentioning

Contrasting

Year Published

2023

2024

Publication Types

Select...

Book1

Article1

Relationship

Self Cite0

Independent2

Authors

Journals

Cited by 2 publications

References 75 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

Guiding Symbolic Execution with A-Star

De Castro Pinto,

Rollet,

Sutre

et al. 2023

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Guiding Symbolic Execution with A-Star

De Castro Pinto,

Rollet,

Sutre

et al. 2023

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Quantitative Robustness for Vulnerability Assessment

Girol,

Lacombe,

Bardin

2024

Proc. ACM Program. Lang.

View full text Add to dashboard Cite

Most software analysis techniques focus on bug reachability. However, this approach is not ideal for security evaluation as it does not take into account the difficulty of triggering said bugs. The recently introduced notion of robust reachability tackles this issue by distinguishing between bugs that can be reached independently from uncontrolled inputs, from those that cannot. Yet, this qualitative notion is too strong in practice as it cannot distinguish mostly replicable bugs from truly unrealistic ones. In this work we propose a more flexible quantitative version of robust reachability together with a dedicated form of symbolic execution, in order to automatically measure the difficulty of triggering bugs. This quantitative robust symbolic execution (QRSE) relies on a variant of model counting, called functional E-MAJSAT, which allows to account for the asymmetry between attacker-controlled and uncontrolled variables. While this specific model counting problem has been studied in AI research fields such as Bayesian networks, knowledge representation and probabilistic planning, its use within the context of formal verification presents a new set of challenges. We show the applicability of our solutions through security-oriented case studies, including real-world vulnerabilities such as CVE-2019-20839 from libvncserver.

show abstract

Adversarial Reachability for Program-level Security Analysis

Cited by 2 publications

References 75 publications

Guiding Symbolic Execution with A-Star

Guiding Symbolic Execution with A-Star

Quantitative Robustness for Vulnerability Assessment

Contact Info

Product

Resources

About