Validation with code instropection of a virtual platform for sandboxing and security analysis

Abstract

International audienceValidating the safety and security of software computing systems often involves testing code in simulators of these systems, called virtual platforms. Because security breaches often come from implementation details, such simulators must reach a high level of accuracy. However, validating an instruction set simulator is a heavy development task involving large test campaigns. In this paper, we propose a novel technique to automatically generate and evaluate simulator tests. Using C++ polymorphism, we developed a code introspection software library that enables automatic test generation. By leveraging this automated approach, we were able to develop a self-testing simulator, providing a superior level of validation with minimal development overhead