Transfer Function Synthesis without Quantifier Elimination

Traditionally, transfer functions have been designed manually for each operation in a program, instruction by instruction. In such a setting, a transfer function describes the semantics of a single instruction, detailing how a given abstract input state is mapped to an abstract output state. The net effect of a sequence of instructions, a basic block, can then be calculated by composing the transfer functions of the constituent instructions. However, precision can be improved by applying a single transfer function that captures the semantics of the block as a whole. Since blocks are program-dependent, this approach necessitates automation. There has thus been growing interest in computing transfer functions automatically, most notably using techniques based on quantifier elimination. Although conceptually elegant, quantifier elimination inevitably induces a computational bottleneck, which limits the applicability of these methods to small blocks. This paper contributes a method for calculating transfer functions that finesses quantifier elimination altogether, and can thus be seen as a response to this problem. The practicality of the method is demonstrated by generating transfer functions for input and output states that are described by linear template constraints, which include intervals and octagons.Comment: 37 pages, extended version of ESOP 2011 pape

Adaptable Value-Set Analysis for Low-Level Code

This paper presents a framework for binary code analysis that uses only SAT-based algorithms. Within the framework, incremental SAT solving is used to perform a form of weakly relational value-set analysis in a novel way, connecting the expressiveness of the value sets to computational complexity. Another key feature of our framework is that it translates the semantics of binary code into an intermediate representation. This allows for a straightforward translation of the program semantics into Boolean logic and eases the implementation efforts, too. We show that leveraging the efficiency of contemporary SAT solvers allows us to prove interesting properties about medium-sized microcontroller programs

Range and Set Abstraction using SAT

Symbolic decision trees are not the only way to correlate the relationship between flags and numeric variables. Boolean formulae can also represent such relationships where the integer variables are modelled with bit-vectors of propositional variables. Boolean formulae can be composed to express the semantics of a block and program state, but they are hardly tractable, hence the need to compute their abstractions. This paper shows how incremental SAT can be applied to derive range and set abstractions for bit-vectors that are constrained by Boolean formulae

Range Analysis of Binaries with Minimal Effort

COTS components are ubiquitous in military, industrial and governmental systems. However, the bene?fits of reduced development and maintainance costs are compromised by security concerns. Since source code is unavailable, security audits necessarily occur at the binary level. Push-button formal method techniques, such as model checking and abstract interpretation, can support this process by, among other things, inferring ranges of values for registers. Ranges aid the security engineer in checking for vulnerabilities that relate, for example, to integer wrapping, uninitialised variables and bu?er over ows. Yet the lack of structure in binaries limits the e?ffectiveness of classical range analyses based on widening. This paper thus contributes a simple but novel range analysis, formulated in terms of linear programming, which calculates ranges without manual intervention

Test-Case Generation for Embedded Binary Code Using Abstract Interpretation

This paper describes a framework for test-case generation for microcontroller binary programs using abstract interpretation techniques. The key idea of our approach is to derive program invariants a priori, and then use backward analysis to obtain test vectors that are executed on the target microcontroller. Due to the structure of binary code, the abstract interpretation framework is based on propositional encodings of the program semantics and SAT solving

Analysing Switch-Case Code with Abstract Execution

Constructing the control-flow graph (CFG) of machine code is made difficult by dynamic transfers of control (DTC), where the address of the next instruction is computed at run-time. Switchcase statements make compilers generate a large variety of machine-code forms with DTC. Two analysis approaches are commonly used: pattern-matching methods identify predefined instruction patterns to extract the target addresses, while analytical methods try to compute the set of target addresses using a general value-analysis. We tested the abstract execution method of the SWEET tool as a value analysis for switch-case code. SWEET is here used as a plugin to the Bound-T tool: thus our work can also be seen as an experiment in modular tool design, where a general value-analysis tool is used to aid the CFG construction in a WCET analysis tool. We find that the abstract-execution analysis works at least as well as the switch-case analyses in Bound-T itself, which are mostly based on pattern-matching. However, there are still some weaknesses: the abstract domains available in SWEET are not well suited to representing sets of DTC target addresses, which are small but sparse and irregular. Also, in some cases the abstract-execution analysis fails because the used domain is not relational, that is, does not model arithmetic relationships between the values of different variables. Future work will be directed towards the design of abstract domains eliminating these weaknesses

Cryptographic Key Distribution In Wireless Sensor Networks Using Bilinear Pairings

It is envisaged that the use of cheap and tiny wireless sensors will soon bring a third wave of evolution in computing systems. Billions of wireless senor nodes will provide a bridge between information systems and the physical world. Wireless nodes deployed around the globe will monitor the surrounding environment as well as gather information about the people therein. It is clear that this revolution will put security solutions to a great test. Wireless Sensor Networks (WSNs) are a challenging environment for applying security services. They differ in many aspects from traditional fixed networks, and standard cryptographic solutions cannot be used in this application space. Despite many research efforts, key distribution in WSNs still remains an open problem. Many of the proposed schemes suffer from high communication overhead and storage costs, low scalability and poor resilience against different types of attacks. The exclusive usage of simple and energy efficient symmetric cryptography primitives does not solve the security problem. On the other hand a full public key infrastructure which uses asymmetric techniques, digital signatures and certificate authorities seems to be far too complex for a constrained WSN environment. This thesis investigates a new approach to WSN security which addresses many of the shortcomings of existing mechanisms. It presents a detailed description on how to provide practical Public Key Cryptography solutions for wireless sensor networks. The contributions to the state-of-the-art are added on all levels of development beginning with the basic arithmetic operations and finishing with complete security protocols. This work includes a survey of different key distribution protocols that have been developed for WSNs, with an evaluation of their limitations. It also proposes Identity- Based Cryptography (IBC) as an ideal technique for key distribution in sensor networks. It presents the first in-depth study of the application and implementation of Pairing- Based Cryptography (PBC) to WSNs. This is followed by a presentation of the state of the art on the software implementation of Elliptic Curve Cryptography (ECC) on typical WSNplatforms. New optimized algorithms for performing multiprecision multiplication on a broad range of low-end CPUs are introduced as well. Three novel protocols for key distribution are proposed in this thesis. Two of these are intended for non-interactive key exchange in flat and clustered networks respectively. A third key distribution protocol uses Identity-Based Encryption (IBE) to secure communication within a heterogeneous sensor network. This thesis includes also a comprehensive security evaluation that shows that proposed schemes are resistant to various attacks that are specific to WSNs. This work shows that by using the newest achievements in cryptography like pairings and IBC it is possible to deliver affordable public-key cryptographic solutions and to apply a sufficient level of security for the most demanding WSN applications

On Fault-based Attacks and Countermeasures for Elliptic Curve Cryptosystems

For some applications, elliptic curve cryptography (ECC) is an attractive choice because it achieves the same level of security with a much smaller key size in comparison with other schemes such as those that are based on integer factorization or discrete logarithm. Unfortunately, cryptosystems including those based on elliptic curves have been subject to attacks. For example, fault-based attacks have been shown to be a real threat in today’s cryptographic implementations. In this thesis, we consider fault-based attacks and countermeasures for ECC. We propose a new fault-based attack against the Montgomery ladder elliptic curve scalar multiplication (ECSM) algorithm. For security reasons, especially to provide resistance against fault-based attacks, it is very important to verify the correctness of computations in ECC applications. We deal with protections to fault attacks against ECSM at two levels: module and algorithm. For protections at the module level, where the underlying scalar multiplication algorithm is not changed, a number of schemes and hardware structures are presented based on re-computation or parallel computation. It is shown that these structures can be used for detecting errors with a very high probability during the computation of ECSM. For protections at the algorithm level, we use the concepts of point verification (PV) and coherency check (CC). We investigate the error detection coverage of PV and CC for the Montgomery ladder ECSM algorithm. Additionally, we propose two algorithms based on the double-and-add-always method that are resistant to the safe error (SE) attack. We demonstrate that one of these algorithms also resists the sign change fault (SCF) attack

Kiel Declarative Programming Days 2013

This report contains the papers presented at the Kiel Declarative Programming Days 2013, held in Kiel (Germany) during September 11-13, 2013. The Kiel Declarative Programming Days 2013 unified the following events: * 20th International Conference on Applications of Declarative Programming and Knowledge Management (INAP 2013) * 22nd International Workshop on Functional and (Constraint) Logic Programming (WFLP 2013) * 27th Workshop on Logic Programming (WLP 2013) All these events are centered around declarative programming, an advanced paradigm for the modeling and solving of complex problems. These specification and implementation methods attracted increasing attention over the last decades, e.g., in the domains of databases and natural language processing, for modeling and processing combinatorial problems, and for high-level programming of complex, in particular, knowledge-based systems