2 research outputs found
Modular Verification of Interrupt-Driven Software
Interrupts have been widely used in safety-critical computer systems to
handle outside stimuli and interact with the hardware, but reasoning about
interrupt-driven software remains a difficult task. Although a number of static
verification techniques have been proposed for interrupt-driven software, they
often rely on constructing a monolithic verification model. Furthermore, they
do not precisely capture the complete execution semantics of interrupts such as
nested invocations of interrupt handlers. To overcome these limitations, we
propose an abstract interpretation framework for static verification of
interrupt-driven software that first analyzes each interrupt handler in
isolation as if it were a sequential program, and then propagates the result to
other interrupt handlers. This iterative process continues until results from
all interrupt handlers reach a fixed point. Since our method never constructs
the global model, it avoids the up-front blowup in model construction that
hampers existing, non-modular, verification techniques. We have evaluated our
method on 35 interrupt-driven applications with a total of 22,541 lines of
code. Our results show the method is able to quickly and more accurately
analyze the behavior of interrupts.Comment: preprint of the ASE 2017 pape
Raising Security Awareness using Cybersecurity Challenges in Embedded Programming Courses
Security bugs are errors in code that, when exploited, can lead to serious
software vulnerabilities. These bugs could allow an attacker to take over an
application and steal information. One of the ways to address this issue is by
means of awareness training. The Sifu platform was developed in the industry,
for the industry, with the aim to raise software developers' awareness of
secure coding. This paper extends the Sifu platform with three challenges that
specifically address embedded programming courses, and describes how to
implement these challenges, while also evaluating the usefulness of these
challenges to raise security awareness in an academic setting. Our work
presents technical details on the detection mechanisms for software
vulnerabilities and gives practical advice on how to implement them. The
evaluation of the challenges is performed through two trial runs with a total
of 16 participants. Our preliminary results show that the challenges are
suitable for academia, and can even potentially be included in official
teaching curricula. One major finding is an indicator of the lack of awareness
of secure coding by undergraduates. Finally, we compare our results with
previous work done in the industry and extract advice for practitioners.Comment: Preprint accepted for publication at the First International
Conference on Code Quality (ICCQ 2021