Lazy self-composition for security verification
Author(s): Yang, W; Vizel, Y; Subramanyan, P; Gupta, A; Malik, Sharad
DownloadTo refer to this page use:
http://arks.princeton.edu/ark:/88435/pr1sr4nFull metadata record
| DC Field | Value | Language |
|---|---|---|
| dc.contributor.author | Yang, W | - |
| dc.contributor.author | Vizel, Y | - |
| dc.contributor.author | Subramanyan, P | - |
| dc.contributor.author | Gupta, A | - |
| dc.contributor.author | Malik, Sharad | - |
| dc.date.accessioned | 2020-04-01T13:22:53Z | - |
| dc.date.available | 2020-04-01T13:22:53Z | - |
| dc.date.issued | 2018-7-18 | en_US |
| dc.identifier.citation | Yang, W, Vizel, Y, Subramanyan, P, Gupta, A, Malik, S. (2018). Lazy self-composition for security verification. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 10982 LNCS (136 - 156. doi:10.1007/978-3-319-96142-2_11 | en_US |
| dc.identifier.uri | http://arks.princeton.edu/ark:/88435/pr1sr4n | - |
| dc.description.abstract | The secure information flow problem, which checks whether low-security outputs of a program are influenced by high-security inputs, has many applications in verifying security properties in programs. In this paper we present lazy self-composition, an approach for verifying secure information flow. It is based on self-composition, where two copies of a program are created on which a safety property is checked. However, rather than an eager duplication of the given program, it uses duplication lazily to reduce the cost of verification. This lazy self-composition is guided by an interplay between symbolic taint analysis on an abstract (single copy) model and safety verification on a refined (two copy) model. We propose two verification methods based on lazy self-composition. The first is a CEGAR-style procedure, where the abstract model associated with taint analysis is refined, on demand, by using a model generated by lazy self-composition. The second is a method based on bounded model checking, where taint queries are generated dynamically during program unrolling to guide lazy self-composition and to conclude an adequate bound for correctness. We have implemented these methods on top of the SeaHorn verification platform and our evaluations show the effectiveness of lazy self-composition. | en_US |
| dc.format.extent | 136 - 156 | en_US |
| dc.language.iso | en_US | en_US |
| dc.relation.ispartof | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) | en_US |
| dc.rights | Final published version. This is an open access article. | en_US |
| dc.title | Lazy self-composition for security verification | en_US |
| dc.type | Conference Article | en_US |
| dc.identifier.doi | doi:10.1007/978-3-319-96142-2_11 | - |
| dc.date.eissued | 2018-7-18 | en_US |
| pu.type.symplectic | http://www.symplectic.co.uk/publications/atom-terms/1.0/journal-article | en_US |
Files in This Item:
| File | Description | Size | Format | |
|---|---|---|---|---|
| Lazy self-composition for security verification.pdf | 711.16 kB | Adobe PDF | View/Download |
Items in OAR@Princeton are protected by copyright, with all rights reserved, unless otherwise indicated.