The Community for Technology Leaders
RSS Icon
Tucson, Arizona
Dec. 5, 2005 to Dec. 9, 2005
ISBN: 0-7695-2461-3
pp: 13-22
Benjamin Schwarz , University of California, Berkeley
Hao Chen , University of California, Berkeley
David Wagner , University of California, Berkeley
Jeremy Lin , University of California, Berkeley
Wei Tu , University of California, Berkeley
Geoff Morrison , University of California, Berkeley
Jacob West , University of California, Berkeley
Software model checking has become a popular tool for verifying programs? behavior. Recent results suggest that it is viable for finding and eradicating security bugs quickly. However, even state-of-the-art model checkers are limited in use when they report an overwhelming number of false positives, or when their lengthy running time dwarfs other software development processes. In this paper we report our experiences with software model checking for security properties on an extremely large scale-an entire Linux distribution consisting of 839 packages and 60 million lines of code. To date, we have discovered 108 exploitable bugs. Our results indicate that model checking can be both a feasible and integral part of the software development process.
Benjamin Schwarz, Hao Chen, David Wagner, Jeremy Lin, Wei Tu, Geoff Morrison, Jacob West, "Model Checking An Entire Linux Distribution for Security Violations", ACSAC, 2005, Computer Security Applications Conference, Annual, Computer Security Applications Conference, Annual 2005, pp. 13-22, doi:10.1109/CSAC.2005.39
20 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool