An empirical study of vulnerabilities in edge frameworks to support security testing improvement

Malik, Jahanzaib; Pastore, Fabrizio

doi:10.1007/s10664-023-10330-x

Cited by 3 publications

(3 citation statements)

References 43 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Besides being commonly used as targets of fuzzing techniques (Candea and Godefroid 2019 ; Malik and Pastore 2023 ; Payer 2019 ), assertions can model a broad range of safety properties (Lamport 1977 ). These include memory-related errors (e.g., violating corresponds to a null pointer dereferencing error), as well as (partial) correctness errors (e.g., violating corresponds to a postcondition error), but exclude liveness properties such as termination.…”

Section: Experimental Designmentioning

confidence: 99%

HyperPUT: generating synthetic faulty programs to challenge bug-finding tools

Felici,

Pozzi,

Furia

2024

Empir Software Eng

View full text Add to dashboard Cite

As research in automatically detecting bugs grows and produces new techniques, having suitable collections of programs with known bugs becomes crucial to reliably and meaningfully compare the effectiveness of these techniques. Most of the existing approaches rely on benchmarks collecting manually curated real-world bugs, or synthetic bugs seeded into real-world programs. Using real-world programs entails that extending the existing benchmarks or creating new ones remains a complex time-consuming task. In this paper, we propose a complementary approach that automatically generates programs with seeded bugs. Our technique, called HyperPUT, builds C programs from a “seed” bug by incrementally applying program transformations (introducing programming constructs such as conditionals, loops, etc.) until a program of the desired size is generated. In our experimental evaluation, we demonstrate how HyperPUT can generate buggy programs that can challenge in different ways the capabilities of modern bug-finding tools, and some of whose characteristics are comparable to those of bugs in existing benchmarks. These results suggest that HyperPUT can be a useful tool to support further research in bug-finding techniques—in particular their empirical evaluation.

show abstract

Section: Experimental Designmentioning

confidence: 99%

HyperPUT: generating synthetic faulty programs to challenge bug-finding tools

Felici,

Pozzi,

Furia

2024

Empir Software Eng

View full text Add to dashboard Cite

show abstract

Section: Security Testing Frameworkmentioning

confidence: 99%

“…The utilization of specialized frameworks that provide tools and methodologies for conducting comprehensive security testing is crucial [194][195][196]. These frameworks encompass a range of techniques, including vulnerability scanning, code analysis, and security assessment [196][197][198]. They assist in automating security testing processes, identifying security weaknesses, and ensuring adherence to established security standards [199][200][201].…”

Section: Security Testing Frameworkmentioning

confidence: 99%

Formal Methods and Validation Techniques for Ensuring Automotive Systems Security

Krichen

2023

Information

View full text Add to dashboard Cite

The increasing complexity and connectivity of automotive systems have raised concerns about their vulnerability to security breaches. As a result, the integration of formal methods and validation techniques has become crucial in ensuring the security of automotive systems. This survey research paper aims to provide a comprehensive overview of the current state-of-the-art formal methods and validation techniques employed in the automotive industry for system security. The paper begins by discussing the challenges associated with automotive system security and the potential consequences of security breaches. Then, it explores various formal methods, such as model checking, theorem proving, and abstract interpretation, which have been widely used to analyze and verify the security properties of automotive systems. Additionally, the survey highlights the validation techniques employed to ensure the effectiveness of security measures, including penetration testing, fault injection, and fuzz testing. Furthermore, the paper examines the integration of formal methods and validation techniques within the automotive development lifecycle, including requirements engineering, design, implementation, and testing phases. It discusses the benefits and limitations of these approaches, considering factors such as scalability, efficiency, and applicability to real-world automotive systems. Through an extensive review of relevant literature and case studies, this survey provides insights into the current research trends, challenges, and open research questions in the field of formal methods and validation techniques for automotive system security. The findings of this survey can serve as a valuable resource for researchers, practitioners, and policymakers involved in the design, development, and evaluation of secure automotive systems.

show abstract

Systematically Detecting Packet Validation Vulnerabilities in Embedded Network Stacks

Amusuo,

Méndez,

et al. 2023

2023 38th IEEE/ACM International Conference on Automated Software Engineering (ASE)

View full text Add to dashboard Cite

An empirical study of vulnerabilities in edge frameworks to support security testing improvement

Cited by 3 publications

References 43 publications

HyperPUT: generating synthetic faulty programs to challenge bug-finding tools

HyperPUT: generating synthetic faulty programs to challenge bug-finding tools

Formal Methods and Validation Techniques for Ensuring Automotive Systems Security

Systematically Detecting Packet Validation Vulnerabilities in Embedded Network Stacks

Contact Info

Product

Resources

About