• Documents
  • Authors
  • Tables
  • Log in
  • Sign up
  • MetaCart
  • DMCA
  • Donate

CiteSeerX logo

Advanced Search Include Citations
Advanced Search Include Citations

DMCA

MOPS: an Infrastructure for Examining Security Properties of Software (2002)

Cached

  • Download as a PDF

Download Links

  • [www.cs.berkeley.edu]
  • [now.cs.berkeley.edu]
  • [seclab.cs.ucdavis.edu]
  • [www.eecs.harvard.edu]
  • [www.eecs.umich.edu]
  • [http.cs.berkeley.edu]
  • [www.cs.ucdavis.edu]
  • [www.cs.iastate.edu]
  • [www.cs.berkeley.edu]
  • [www.cs.virginia.edu]
  • [www.cs.berkeley.edu]
  • [www.eecs.berkeley.edu]
  • [www.gnucash.org]
  • [www.cs.ucdavis.edu]
  • [www.cs.berkeley.edu]
  • [http.cs.berkeley.edu]
  • [web.cs.ucdavis.edu]
  • [www.eecs.harvard.edu]
  • [www.eecs.berkeley.edu]
  • [gnucash.org]

    • Other Repositories/Bibliography

  • DBLP
  • Save to List
  • Add to Collection
  • Correct Errors
  • Monitor Changes
by Hao Chen , David Wagner
Venue:In Proceedings of the 9th ACM Conference on Computer and Communications Security
Citations:233 - 8 self
  • Summary
  • Citations
  • Active Bibliography
  • Co-citation
  • Clustered Documents
  • Version History

BibTeX

@INPROCEEDINGS{Chen02mops:an,
    author = {Hao Chen and David Wagner},
    title = {MOPS: an Infrastructure for Examining Security Properties of Software},
    booktitle = {In Proceedings of the 9th ACM Conference on Computer and Communications Security},
    year = {2002},
    pages = {235--244},
    publisher = {ACM Press}
}

Share

Facebook Twitter Reddit Bibsonomy

OpenURL

 

Abstract

We describe a formal approach for finding bugs in security-relevant software and verifying their absence. The idea is as follows: we identify rules of safe programming practice, encode them as safety properties, and verify whether these properties are obeyed. Because manual verification is too expensive, we have built a program analysis tool to automate this process. Our program analysis models the program to be verified as a pushdown automaton, represents the security property as a finite state automaton, and uses model checking techniques to identify whether any state violating the desired security goal is reachable in the program. The major advantages of this approach are that it is sound in verifying the absence of certain classes of vulnerabilities, that it is fully interprocedural, and that it is efficient and scalable. Experience suggests that this approach will be useful in finding a wide range of security vulnerabilities in large programs efficiently.

Keyphrases

examining security property    program analysis tool    safety property    finite state automaton    security vulnerability    large program    major advantage    desired security goal    formal approach    program analysis model    wide range    manual verification    safe programming practice    certain class    pushdown automaton    security-relevant software    security property   

Powered by: Apache Solr
  • About CiteSeerX
  • Submit and Index Documents
  • Privacy Policy
  • Help
  • Data
  • Source
  • Contact Us

Developed at and hosted by The College of Information Sciences and Technology

© 2007-2019 The Pennsylvania State University