International audienceMany program analysis tools and techniques have been developed to assess program vulnerability. Yet, they are based on the standard concept of reachability and represent an attacker able to craft smartlegitimate input, while in practice attackers can be much more powerful, using for instance micro-architectural exploits or fault injection methods. We introduce adversarial reachability, a framework allowing to reason about such advanced attackers and check whether a system is vulnerable or immune to a particular attacker. As equipping the attacker with new capacities significantly increases the state space of the program under analysis, we present a new symbolic exploration algorithm, namelyadversarial symbolic executio...
Abstract: Recent advances in static and dynamic program analysis resulted in tools capable to detect...
International audienceMulti-fault injection attacks are powerful since they allow to bypass software...
Security analysts spend days or even weeks in trying to understand the inner workings of malicious s...
Many program analysis tools and techniques have been developed to assess program vulnerability. Yet,...
International audienceCertification through auditing allows to ensure that critical embedded systems...
Abstract Exploitability assessment of vulnerabilities is important for both defenders and attackers....
Quantitative program analysis is an emerging area with applications to software testing and security...
Abstract—The increasing reliance put on networked computer systems demands higher levels of dependab...
As software becomes increasingly embedded in our daily lives, it becomes more and more critical to f...
Characterization of bugs and attack vectors is in many practical scenarios as important as their fin...
Symbolic execution is widely used to detect vulnerabilities in software. The idea is to symbolically...
International audienceFault injection is a well known method to test the robustness and security vul...
Over the past 20 years, our society has become increasingly dependent on software. Today, we rely on...
Software side-channel attacks are able to recover confidential information by observing non-function...
Our computers, phones, and other smart devices are running a vast and ever increasing amount of soft...
Abstract: Recent advances in static and dynamic program analysis resulted in tools capable to detect...
International audienceMulti-fault injection attacks are powerful since they allow to bypass software...
Security analysts spend days or even weeks in trying to understand the inner workings of malicious s...
Many program analysis tools and techniques have been developed to assess program vulnerability. Yet,...
International audienceCertification through auditing allows to ensure that critical embedded systems...
Abstract Exploitability assessment of vulnerabilities is important for both defenders and attackers....
Quantitative program analysis is an emerging area with applications to software testing and security...
Abstract—The increasing reliance put on networked computer systems demands higher levels of dependab...
As software becomes increasingly embedded in our daily lives, it becomes more and more critical to f...
Characterization of bugs and attack vectors is in many practical scenarios as important as their fin...
Symbolic execution is widely used to detect vulnerabilities in software. The idea is to symbolically...
International audienceFault injection is a well known method to test the robustness and security vul...
Over the past 20 years, our society has become increasingly dependent on software. Today, we rely on...
Software side-channel attacks are able to recover confidential information by observing non-function...
Our computers, phones, and other smart devices are running a vast and ever increasing amount of soft...
Abstract: Recent advances in static and dynamic program analysis resulted in tools capable to detect...
International audienceMulti-fault injection attacks are powerful since they allow to bypass software...
Security analysts spend days or even weeks in trying to understand the inner workings of malicious s...