Security testing has gained significant attention recently due to the huge number of attacks against software systems. This paper presents a novel security testing method using trace-based symbolic execution and satisfiability analysis. It reuses test cases generated from traditional functional testing to produce execution traces. An execution trace is a sequence of program statements exercised by a test case. Each execution trace is symbolically executed to produce program constraints and security constraints. A program constraint is a constraint imposed by program logic on program variables. A security constraint is a condition on program variables that must be satisfied to ensure system security. A security vulnerability exists if ther...
Symbolic execution is widely used to detect vulnerabilities in software. The idea is to symbolically...
This paper gives an overview of a formal approach for detecting vulnerabilitie...
C and JavaScript are widely-used languages for writing security-sensitive software, despite their in...
Many security and software testing applications require checking whether certain properties of a pro...
Quantitative program analysis is an emerging area with applications to software testing and security...
The ramping up use of network connected devices is providing hackers more incentives and opportuniti...
Over the past 20 years, our society has become increasingly dependent on software. Today, we rely on...
Certification through auditing allows to ensure that critical embedded systems...
Symbolic execution has the potential to make software more secure by significantly improving automat...
Memory corruption is a serious class of software vulnerabilities, which requires careful attention t...
Symbolic execution is a program analysis technique commonly utilized to determ...
Most current approaches to software verification are one-sided -- a safety prover will try to prove ...
Many program analysis tools and techniques have been developed to assess progr...
Modern software systems require the support of automatic program analyses to answer questions about ...
We consider an approach to testing that combines white-box and black-box techniques. Black-box testi...