Introducing robust reachability

Girol, Guillaume; Farinier, Benjamin; Bardin, Sébastien

doi:10.1007/s10703-022-00402-x

Cited by 2 publications

(4 citation statements)

References 45 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The program property of robust reachability [8,9] refines the standard notion of reachability of a bug given a partition of the program variables in a controlled and an uncontrolled set: a bug is robustly reachable if it is reachable whatever the values of the uncontrolled variables. FuncTion -V can analyze robust reachability properties expressible as a CTL formula of the form AFϕ.…”

Section: Related Workmentioning

confidence: 99%

“…FuncTion -V can analyze robust reachability properties expressible as a CTL formula of the form AFϕ. The vulnerable variables sets identified by FuncTion -V identify the controlled program variables, and the corresponding sufficient preconditions inferred by FuncTion -V yield the space of values for the controlled program variables that ensure the robust reachability property, i.e., instead of returning a single bug witness like the symbolic execution framework proposed by [8,9], FuncTion -V returns a set of bug witnesses. Instead, the approach recently proposed by Sellami et al [15] infers constraints on the uncontrolled program variables.…”

Section: Related Workmentioning

confidence: 99%

“…Let us consider the undesirable robust reachability [8,9] of the error location in Figure 1. Here, to make sure that the error location is reached, an attacker can either (A) control the value of x ensuring that x > 0 (error reachable independently of the values of y and z), or (B) control the value of y and z ensuring that y ≤ z (error reachable independently of the value of x).…”

Section: Introductionmentioning

confidence: 99%

“…Besides robust reachability [8,9,18,19], FuncTion -V more generally supports program properties expressed in Computation Tree Logic (CTL) [2] (e.g., termination [16], recurrence properties [18,19], etc.). To improve the precision of our approach, we have equipped Func-Tion -V with a conflict-driven abstraction refinement-style analysis [7].…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Automatic Detection of Vulnerable Variables for CTL Properties of Programs

Moussaoui Remil,

Urban,

Miné

EPiC Series in Computing

View full text Add to dashboard Cite

We present our tool FuncTion-V for the automatic identification of the minimal sets of program variables that an attacker can control to ensure an undesirable program property. FuncTion-V supports program properties expressed in Computation Tree Logic (CTL), and builds upon an abstract interpretation-based static analysis for CTL properties that we extend with an abstraction refinement process. We showcase our tool on benchmarks collected from the literature and SV-COMP 2023.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Automatic Detection of Vulnerable Variables for CTL Properties of Programs

Moussaoui Remil,

Urban,

Miné

EPiC Series in Computing

View full text Add to dashboard Cite

show abstract

Inference of Robust Reachability Constraints

Sellami,

Girol,

Recoules

et al. 2024

Proc. ACM Program. Lang.

View full text Add to dashboard Cite

Characterization of bugs and attack vectors is in many practical scenarios as important as their finding. Recently, Girol et. al. have introduced the concept of robust reachability, which ensures a perfect reproducibility of the reported violations by distinguishing inputs that are under the control of the attacker (controlled inputs) from those that are not (uncontrolled inputs), and proposed first automated analysis for it. While it is a step toward distinguishing severe bugs from benign ones, it fails for example to describe violations that are mostly reproducible, i.e., when triggering conditions are likely to happen, meaning that they happen for all uncontrolled inputs but a few corner cases. To address this issue, we propose to leverage theory-agnostic abduction techniques to generate constraints on the uncontrolled program inputs that ensure that a target property is robustly satisfied. Our proposal comes with an extension of robust reachability that is generic on the type of trace property and on the technology used to verify the properties. We show that our approach is complete w.r.t its inference language, and we additionally discuss strategies for the efficient exploration of the inference space. We demonstrate the feasibility of the method and its practical ability to refine the notion of robust reachability with an implementation that uses robust reachability oracles to generate constraints on standard benchmarks from software verification and security analysis. We illustrate the use of our implementation to a vulnerability characterization problem in the context of fault injection attacks. Our method overcomes a major limitation of the initial proposal of robust reachability, without complicating its definition. From a practical view, this is a step toward new verification tools that are able to characterize program violations through high-level feedback.

show abstract

Introducing robust reachability

Cited by 2 publications

References 45 publications

Automatic Detection of Vulnerable Variables for CTL Properties of Programs

Automatic Detection of Vulnerable Variables for CTL Properties of Programs

Inference of Robust Reachability Constraints

Contact Info

Product

Resources

About