Incremental Vulnerability Detection with Insecurity Separation Logic

07/12/2021
by Toby Murray, et al.

We present the first compositional, incremental static analysis for detecting memory-safety and information leakage vulnerabilities in C-like programs. To do so, we develop the first under-approximate relational program logics for reasoning about information flow, including Insecurity Separation Logic (InsecSL). As with prior under-approximate separation logics, we show that InsecSL can be automated via symbolic execution. We then build a top-down, contextual, compositional, inter-procedural analysis for detecting vulnerabilities. We prove our approach sound in Isabelle/HOL and implement it in a proof-of-concept tool, Underflow, for analysing C programs, which we apply to various case studies.
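The defining property of an under-approximate logic is that every reported bug is real: a leak is reported only together with concrete executions that exhibit it, whereas a classical over-approximate analysis (for example taint tracking) may flag code that never actually leaks. The toy below is an added illustration of that contrast and is not the paper's InsecSL, its symbolic execution, or the Underflow tool; it uses a small hypothetical imperative language with exhaustive search over a bounded input domain in place of symbolic execution. The program and variable names (`secret`, `public`, `buf`) are constructed for the example.

```python
# Added illustration, not the paper's code: over-approximate taint analysis
# versus under-approximate (witness-based) leak and crash detection on a tiny
# hypothetical language. Programs, inputs and names are constructed here.
from itertools import combinations


# Expressions: ('const', n) | ('var', x) | ('add', a, b) | ('gt', a, b)
#              | ('index', array_name, idx_expr)
def eval_expr(e, env):
    tag = e[0]
    if tag == 'const':
        return e[1]
    if tag == 'var':
        return env[e[1]]
    if tag == 'index':
        arr, i = env[e[1]], eval_expr(e[2], env)
        if not 0 <= i < len(arr):  # explicit bounds check: no Python wrap-around
            raise IndexError(f"{e[1]}[{i}] out of bounds (len {len(arr)})")
        return arr[i]
    a, b = eval_expr(e[1], env), eval_expr(e[2], env)
    if tag == 'add':
        return a + b
    if tag == 'gt':
        return 1 if a > b else 0
    raise ValueError(tag)


# Statements: ('assign', x, e) | ('if', cond, then_stmts, else_stmts) | ('out', e)
def run(prog, env, outs=None):
    """Execute prog from env; return (final env, list of observable outputs)."""
    env = dict(env)
    outs = [] if outs is None else outs
    for stmt in prog:
        kind = stmt[0]
        if kind == 'assign':
            env[stmt[1]] = eval_expr(stmt[2], env)
        elif kind == 'if':
            branch = stmt[2] if eval_expr(stmt[1], env) else stmt[3]
            env, outs = run(branch, env, outs)
        elif kind == 'out':
            outs.append(eval_expr(stmt[1], env))
        else:
            raise ValueError(kind)
    return env, outs


def expr_tainted(e, tainted):
    if e[0] == 'const':
        return False
    if e[0] == 'var':
        return e[1] in tainted
    if e[0] == 'index':
        return e[1] in tainted or expr_tainted(e[2], tainted)
    return expr_tainted(e[1], tainted) or expr_tainted(e[2], tainted)


def taint(prog, tainted, pc_tainted=False):
    """Over-approximate: returns (tainted vars, may_leak). Anything assigned or
    output under a secret-dependent branch counts as tainted (implicit flow),
    so a branch whose arms agree is still reported."""
    tainted, leak = set(tainted), False
    for stmt in prog:
        kind = stmt[0]
        if kind == 'assign':
            if pc_tainted or expr_tainted(stmt[2], tainted):
                tainted.add(stmt[1])
            else:
                tainted.discard(stmt[1])
        elif kind == 'if':
            pc = pc_tainted or expr_tainted(stmt[1], tainted)
            t1, l1 = taint(stmt[2], tainted, pc)
            t2, l2 = taint(stmt[3], tainted, pc)
            tainted, leak = t1 | t2, leak or l1 or l2
        elif kind == 'out':
            leak = leak or pc_tainted or expr_tainted(stmt[1], tainted)
    return tainted, leak


def find_leak_witness(prog, secret, public, domain):
    """Under-approximate: a leak is reported only with two concrete runs that
    agree on the public input and differ in observable output."""
    for p in domain:
        for s1, s2 in combinations(domain, 2):
            _, o1 = run(prog, {secret: s1, public: p})
            _, o2 = run(prog, {secret: s2, public: p})
            if o1 != o2:
                return {'public': p, 'secrets': (s1, s2), 'outputs': (o1, o2)}
    return None


def find_crash_witness(prog, env_of, domain):
    """Under-approximate memory-safety check: report an input only if a
    concrete run actually faults."""
    for v in domain:
        try:
            run(prog, env_of(v))
        except IndexError as err:
            return {'input': v, 'error': str(err)}
    return None


V = lambda x: ('var', x)
C = lambda n: ('const', n)

# Constructed programs. LEAKY: output is a function of the secret.
LEAKY = [('out', ('gt', V('secret'), V('public')))]
# SAME_BOTH_WAYS: secret-dependent branch whose arms produce identical output.
SAME_BOTH_WAYS = [
    ('if', ('gt', V('secret'), C(0)),
        [('assign', 'o', ('add', V('public'), C(1)))],
        [('assign', 'o', ('add', V('public'), C(1)))]),
    ('out', V('o')),
]
# OOB_READ: public input indexes a 3-element buffer without a check.
OOB_READ = [('out', ('index', 'buf', V('public')))]
```

Running `taint(SAME_BOTH_WAYS, {'secret'})` reports a possible leak (the implicit flow), while `find_leak_witness(SAME_BOTH_WAYS, 'secret', 'public', range(-2, 3))` returns `None`; for `LEAKY` the witness search returns a concrete pair of secrets and their differing outputs. The caveat cuts the other way too: a `None` from the bounded search proves nothing about security, which is exactly why under-approximate logics are positioned as bug finders rather than verifiers.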

03/10/2020

An Under-Approximate Relational Logic: Heralding Logics of Insecurity, Incorrect Implementation and More

Recently, authors have proposed under-approximate logics for reasoning a...
09/08/2021

SecRSL: Security Separation Logic for C11 Release-Acquire Concurrency (Extended version with technical appendices)

We present Security Relaxed Separation Logic (SecRSL), a separation logi...
01/17/2020

Strong-Separation Logic

Most automated verifiers for separation logic target the symbolic-heap f...
05/10/2021

Incorrectness Logic for Graph Programs

Program logics typically reason about an over-approximation of program b...
10/11/2019

Internal Calculi for Separation Logics

We present a general approach to axiomatise separation logics with heapl...
02/07/2020

RHLE: Automatic Verification of ∀∃-Hyperproperties

Specifications of program behavior typically consider single executions ...
07/24/2018

Automatically Assessing Vulnerabilities Discovered by Compositional Analysis

Testing is the most widely employed method to find vulnerabilities in re...