An overview of a proof-based approach to detecting C vulnerabilities

Amel Mammar

doi:10.1145/1982185.1982476

An overview of a proof-based approach to detecting C vulnerabilities

Amel Mammar

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

This paper gives an overview of a formal approach for detecting vulnerabilities in C programs using the B formal method. Vulnerabilities denote faults that may be introduced unintentionally into programs making them behave incorrectly. Such faults (or programing errors) may lead to unpredictable behavior and even worse well-motivated attackers may exploit them later to cause real damages. Basically, the proposed approach consists in translating the vulnerable aspects of a C program into a B specification. On this B specification proof and model checking activities are performed in order to detect the presence or absence of vulnerabilities. Compared to the existing vulnerability detection techniques, a proof-based approach permits to eliminate false alarms and denial of service attacks.

Original language	English
Title of host publication	26th Annual ACM Symposium on Applied Computing, SAC 2011
Pages	1343-1344
Number of pages	2
DOIs	https://doi.org/10.1145/1982185.1982476
Publication status	Published - 23 Jun 2011
Event	26th Annual ACM Symposium on Applied Computing, SAC 2011 - TaiChung, Taiwan, Province of China Duration: 21 Mar 2011 → 24 Mar 2011

Publication series

Name	Proceedings of the ACM Symposium on Applied Computing

Conference

Conference	26th Annual ACM Symposium on Applied Computing, SAC 2011
Country/Territory	Taiwan, Province of China
City	TaiChung
Period	21/03/11 → 24/03/11

Keywords

B formal method
mapping rules
model checking
proofs
security
vulnerability detection

Access to Document

10.1145/1982185.1982476

Cite this

@inproceedings{8dde0429569b423d91eb11555fa21706,

title = "An overview of a proof-based approach to detecting C vulnerabilities",

abstract = "This paper gives an overview of a formal approach for detecting vulnerabilities in C programs using the B formal method. Vulnerabilities denote faults that may be introduced unintentionally into programs making them behave incorrectly. Such faults (or programing errors) may lead to unpredictable behavior and even worse well-motivated attackers may exploit them later to cause real damages. Basically, the proposed approach consists in translating the vulnerable aspects of a C program into a B specification. On this B specification proof and model checking activities are performed in order to detect the presence or absence of vulnerabilities. Compared to the existing vulnerability detection techniques, a proof-based approach permits to eliminate false alarms and denial of service attacks.",

keywords = "B formal method, mapping rules, model checking, proofs, security, vulnerability detection",

author = "Amel Mammar",

year = "2011",

month = jun,

day = "23",

doi = "10.1145/1982185.1982476",

language = "English",

isbn = "9781450301138",

series = "Proceedings of the ACM Symposium on Applied Computing",

pages = "1343--1344",

booktitle = "26th Annual ACM Symposium on Applied Computing, SAC 2011",

note = "26th Annual ACM Symposium on Applied Computing, SAC 2011 ; Conference date: 21-03-2011 Through 24-03-2011",

}

TY - GEN

T1 - An overview of a proof-based approach to detecting C vulnerabilities

AU - Mammar, Amel

PY - 2011/6/23

Y1 - 2011/6/23

N2 - This paper gives an overview of a formal approach for detecting vulnerabilities in C programs using the B formal method. Vulnerabilities denote faults that may be introduced unintentionally into programs making them behave incorrectly. Such faults (or programing errors) may lead to unpredictable behavior and even worse well-motivated attackers may exploit them later to cause real damages. Basically, the proposed approach consists in translating the vulnerable aspects of a C program into a B specification. On this B specification proof and model checking activities are performed in order to detect the presence or absence of vulnerabilities. Compared to the existing vulnerability detection techniques, a proof-based approach permits to eliminate false alarms and denial of service attacks.

AB - This paper gives an overview of a formal approach for detecting vulnerabilities in C programs using the B formal method. Vulnerabilities denote faults that may be introduced unintentionally into programs making them behave incorrectly. Such faults (or programing errors) may lead to unpredictable behavior and even worse well-motivated attackers may exploit them later to cause real damages. Basically, the proposed approach consists in translating the vulnerable aspects of a C program into a B specification. On this B specification proof and model checking activities are performed in order to detect the presence or absence of vulnerabilities. Compared to the existing vulnerability detection techniques, a proof-based approach permits to eliminate false alarms and denial of service attacks.

KW - B formal method

KW - mapping rules

KW - model checking

KW - proofs

KW - security

KW - vulnerability detection

U2 - 10.1145/1982185.1982476

DO - 10.1145/1982185.1982476

M3 - Conference contribution

AN - SCOPUS:79959319214

SN - 9781450301138

T3 - Proceedings of the ACM Symposium on Applied Computing

SP - 1343

EP - 1344

BT - 26th Annual ACM Symposium on Applied Computing, SAC 2011

T2 - 26th Annual ACM Symposium on Applied Computing, SAC 2011

Y2 - 21 March 2011 through 24 March 2011

ER -

An overview of a proof-based approach to detecting C vulnerabilities

Abstract

Publication series

Conference

Keywords

Access to Document

Fingerprint

Cite this