all InfoSec news
Compositional Vulnerability Detection with Insecurity Separation Logic. (arXiv:2107.05225v4 [cs.PL] UPDATED)
cs.CR updates on arXiv.org arxiv.org
Memory-safety issues and information leakage are known to be depressingly
common. We consider the compositional static detection of these kinds of
vulnerabilities in first-order C-like programs. Existing methods often treat
one type of vulnerability (e.g. memory-safety) but not the other (e.g.
information leakage). Indeed the latter are hyper-safety violations, making
them more challenging to detect than the former. Existing leakage detection
methods like Relational Symbolic Execution treat only non-interactive programs,
avoiding the challenges raised by nondeterminism for reasoning about
information …
detection insecurity logic vulnerability vulnerability detection