Accession Number ADA575881
Title Cross-Boundary Security Analysis.
Publication Date Apr 2013
Media Count 15p
Personal Author T. W. Reps
Abstract The goal of the project was to develop new methods to discover security vulnerabilities and security exploits. The research involved static analysis, dynamic analysis, and symbolic execution of software at both the source-code and machine-code levels. An aspect that distinguished the approach taken in the project from previous work was the attempt to uncover security problems due to differences in outlook between different levels of a system -- an approach called cross-boundary security analysis. The term refers both to (i) translation effects where the source-level outlook and the machine-code-level outlook differ, as well as (ii) differences in outlook between a source-level view of a component's API and the machine code that implements the component, which can sometimes allow a sequence of API calls to drive a program to a bad state. In both cases, one has two different artifacts that are supposed to have the same semantics, but whose semantics actually differ.
Keywords Artifacts
Components
Computer program verification
Computer programs
Cross boundary security analysis
Dynamic analysis
Machine code levels
Programming languages
Security
Security exploits
Semantics
Sequences
Software engineering
Source code levels
Static analysis
Symbolic execution
Translations
Vulnerability

 
Source Agency Non Paid ADAS
NTIS Subject Category 62B - Computer Software
74 - Military Sciences
Corporate Author Wisconsin Univ.-Madison. Dept. of Computer Sciences.
Document Type Technical report
Title Note Final rept. 1 Feb 2009 - 30 Nov 2012.
NTIS Issue Number 1319
Contract Number FA9550-09-1-0279
