SPLAT: A Tool for Model-Checking and Dynamically-Enforcing Abstractions
Conventional software model-checking involves (i) creating an abstract model of a complex application; (ii) validating this model against the application; and (iii) checking safety properties against the abstract model. To non-experts, steps (i) and (ii) are often the most daunting. Firstly how does one decide which aspects of the application to include in the abstract model? Secondly, how does one determine whether the abstraction inadvertently “hides” critical bugs? Similarly, if a counter-example is found, how does one determine whether this is a genuine bug or just a modelling artifact?
KeywordsAuthentication Service USENIX Security Symposium Safety Monitor 12th USENIX Security Symposium Privilege Escalation
Unable to display preview. Download preview PDF.
- 1.Leroy, X., et al.: Objective Caml, http://caml.inria.fr/
- 2.CERT Coordination Center (CERT/CC). CERT knowledgebase, http://www.cert.org/kb/
- 4.Holzmann, G.J.: The SPIN Model Checker: Primer and Reference Manual title. Pearson Educational (2003)Google Scholar
- 5.Provos, N., Friedl, M., Honeyman, P.: Preventing privilege escalation. In: Proceedings of the 12th USENIX Security Symposium (August 2003)Google Scholar
- 6.Bill Sommerfeld. IETF Secure Shell Working Group (secsh), http://ietf.org/html.charters/secsh-charter.html