Results 1 - 10 of 597
Automated Whitebox Fuzz Testing
"... Fuzz testing is an effective technique for finding security vulnerabilities in software. Traditionally, fuzz testing tools apply random mutations to well-formed inputs of a program and test the resulting values. We present an alternative whitebox fuzz testing approach inspired by recent advances in ..."
Cited by 311 (25 self)
Execution), a new tool employing x86 instruction-level tracing and emulation for whitebox fuzzing of arbitrary file-reading Windows applications. We describe key optimizations needed to make dynamic test generation scale to large input files and long execution traces with hundreds of millions
Native Client: A Sandbox for Portable, Untrusted x86 Native Code
- IN PROCEEDINGS OF THE 2007 IEEE SYMPOSIUM ON SECURITY AND PRIVACY, 2009
"... This paper describes the design, implementation and evaluation of Native Client, a sandbox for untrusted x86 native code. Native Client aims to give browser-based applications the computational performance of native applications without compromising safety. Native Client uses software fault isolatio ..."
Cited by 196 (5 self)
This paper describes the design, implementation and evaluation of Native Client, a sandbox for untrusted x86 native code. Native Client aims to give browser-based applications the computational performance of native applications without compromising safety. Native Client uses software fault
Randomized Instruction Set Emulation To Disrupt Binary . . .
- ACM TRANSACTIONS ON INFORMATION SYSTEM SECURITY, 2003
"... Many remote attacks against computer systems inject binary code into the execution path of a running program, gaining control of the program's behavior. If each defended system or program could use a machine instruction set that was both unique and private, such binary code injection attacks ..."
Cited by 155 (3 self)
attacks would become extremely difficult if not impossible. A binary-to-binary translator provides an economic and flexible implementation path for realizing that idea. As a proof of concept, we describe a randomized instruction set emulator (RISE) based on the open-source Valgrind x86-to-x86 binary
Verified Just-In-Time Compiler on x86
"... This paper presents a method for creating formally correct just-in-time (JIT) compilers. The tractability of our approach is demonstrated through, what we believe is the first, verification of a JIT compiler with respect to a realistic semantics of self-modifying x86 machine code. Our semantics inclu ..."
Cited by 23 (5 self)
This paper presents a method for creating formally correct just-in-time (JIT) compilers. The tractability of our approach is demonstrated through, what we believe is the first, verification of a JIT compiler with respect to a realistic semantics of self-modifying x86 machine code. Our semantics
Verified LISP implementations on ARM, x86 and PowerPC
"... Abstract. This paper reports on a case study, which we believe is the first to produce a formally verified end-to-end implementation of a functional programming language running on commercial processors. Interpreters for the core of McCarthy’s LISP 1.5 were implemented in ARM, x86 and PowerPC machin ..."
Cited by 4 (2 self)
Abstract. This paper reports on a case study, which we believe is the first to produce a formally verified end-to-end implementation of a functional programming language running on commercial processors. Interpreters for the core of McCarthy’s LISP 1.5 were implemented in ARM, x86 and Power
A better x86 memory model: x86-TSO
- In TPHOLs’09: Conference on Theorem Proving in Higher Order Logics, volume 5674 of LNCS, 2009
"... Abstract. Real multiprocessors do not provide the sequentially consistent memory that is assumed by most work on semantics and verification. Instead, they have relaxed memory models, typically described in ambiguous prose, which lead to widespread confusion. These are prime targets for mechanized fo ..."
Cited by 76 (9 self)
, and an axiomatic total store ordering model, similar to that of the SPARCv8. Both are adapted to handle x86-specific features. We have implemented the axiomatic model in our memevents tool, which calculates the set of all valid executions of test programs, and, for greater confidence, verify the witnesses
Building verifiable trusted path on commodity x86 computers
- In Proceedings of the 2012 IEEE Symposium on Security and Privacy, SP ’12, 2012
"... A trusted path is a protected channel that assures the secrecy and authenticity of data transfers between a user’s input/output (I/O) device and a program trusted by that user. We argue that, despite its incontestable necessity, current commodity systems do not support trusted path with any signific ..."
Cited by 21 (3 self)
design. Our system enables users to verify the states and configurations of one or more trusted-paths using a simple, secret-less, hand-held device. We implement a simple user-oriented trusted path as a case study.
TALx86: A Realistic Typed Assembly Language
"... In previous work, we presented a formalism for a statically typed, idealized assembly language called TAL. The goal of TAL was to provide an extremely low-level, statically-typed target language that is better suited than Java bytecodes for supporting a wide variety of source languages and a number o ..."
Cited by 166 (34 self)
of important optimizations. In this paper, we present our progress in defining and implementing a realistic typed assembly language called TALx86. The TALx86 instructions comprise a relatively complete fragment of the Intel IA32 (32-bit 80x86 flat model) assembly language and are thus executable on processors
Proof Pearl: A Verified Bignum Implementation in x86-64 Machine Code
"... Abstract. Verification of machine code can easily deteriorate into an endless clutter of low-level details. This paper presents a case study which shows that machine-code verification does not necessitate ghastly low-level proofs. The case study we describe is the construction of an x86-64 implementa ..."
Cited by 3 (2 self)
for arrays and previously developed tools, namely, a proof-producing decompiler and compiler. The work presented in this paper has been developed in the HOL4 theorem prover. The case study resulted in 800 lines of verified 64-bit x86 machine code.
Using Term Rewriting Systems to Design and Verify Processors
- IEEE MICRO, 1998
"... We present a novel use of Term Rewriting Systems (TRS's) to describe micro-architectures. The state of a system is represented as a TRS term while the state transitions are represented as TRS rules. TRS descriptions are amenable to both verification and synthesis. We illustrate the use of TR ..."
Cited by 61 (4 self)
of TRS's by giving the operational semantics of a simple RISC instruction set. We then present another TRS that implements the same instruction set on a micro-architecture which permits register renaming and speculative execution. The correctness of the speculative implementation is discussed