Abstract
We explore of use of the tool BeepBeep, a monitor for the temporal logic LTL-FO\(^+\), in interpreting assembly traces, focusing on security-related applications. LTL-FO\(^+\) is an extension of LTL, which includes first order quantification. We show that LTL-FO\(^+\) is a sufficiently expressive formalism to state a number of interesting program behaviors, and demonstrate experimentally that BeepBeep can efficiently verify the validity of the properties on assembly traces in tractable time.
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Becker, D., Wolf, F., Frings, W., Geimer, M., Wylie, B., Mohr, B.: Automatic trace-based performance analysis of metacomputing applications. In: 2007 Parallel and Distributed Processing Symposium, pp. 1–10 (2007)
Christodorescu, M., Jha, S., Seshia, S.A., Song, D., Bryant, R.E.: Semantics-aware malware detection. In: Proceedings of the 2005 IEEE Symposium on Security and Privacy, SP 2005, pp. 32–46. IEEE Computer Society, Washington, DC (2005)
Dietz, W., Li, P., Regehr, J., Adve, V.: Understanding integer overflow in C/C++. In: Proceedings of the 34th International Conference on Software Engineering, ICSE 2012, pp. 760–770. IEEE Press, Piscataway (2012)
Ghiasi, M., Sami, A., Salehi, Z.: Dynamic VSA: a framework for malware detection based on register contents. Eng. Appl. Artif. Intell. 44, 111–122 (2015)
Hallé, S., Villemaire, R.: Runtime enforcement of web service message contracts with data. IEEE Trans. Serv. Comput. 5(2), 192–206 (2012)
Hornat, C.: JPEG vulnerability: a day in the life of the JPEG vulnerability. Technical report, Info Security Writers (2004)
Jerding, D., Stasko, J.: The information mural: a technique for displaying and navigating large information spaces. IEEE Trans. Visual. Comput. Graphics 4(3), 257–271 (1998)
Roşu, G., Chen, F., Ball, T.: Synthesizing monitors for safety properties: this time with calls and returns. In: Leucker, M. (ed.) RV 2008. LNCS, vol. 5289, pp. 51–68. Springer, Heidelberg (2008). doi:10.1007/978-3-540-89247-2_4
Seacord, R.C.: Secure Coding in C and C++, 2nd edn. Addison-Wesley Professional, Upper Saddle River (2013)
Storlie, C., Anderson, B., Wiel, S.V., Quist, D., Hash, C., Brown, N.: Stochastic identification of malware with dynamic traces. Ann. Appl. Stat. 8(1), 1–18 (2014)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Appendix 1: LTL-FO\(^+\) Properties
Appendix 1: LTL-FO\(^+\) Properties
1.1 Property 1: Integer Overflow Detection
1.2 Property 2: Call Sequence Profiling
1.3 Property 3: Return Address Protection
1.4 Property 4: Pointer Subterfuge Detection
1.5 Property 5: Malicious Pattern Detection
Rights and permissions
Copyright information
© 2016 Springer International Publishing AG
About this paper
Cite this paper
Khoury, R., Hallé, S., Waldmann, O. (2016). Execution Trace Analysis Using LTL-FO\(^+\) . In: Margaria, T., Steffen, B. (eds) Leveraging Applications of Formal Methods, Verification and Validation: Discussion, Dissemination, Applications. ISoLA 2016. Lecture Notes in Computer Science(), vol 9953. Springer, Cham. https://doi.org/10.1007/978-3-319-47169-3_26
Download citation
DOI: https://doi.org/10.1007/978-3-319-47169-3_26
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-47168-6
Online ISBN: 978-3-319-47169-3
eBook Packages: Computer ScienceComputer Science (R0)