Skip to main content
SpringerLink
Log in

Execution Trace Analysis Using LTL-FO\(^+\)

  • Conference paper
  • First Online:
Book cover Leveraging Applications of Formal Methods, Verification and Validation: Discussion, Dissemination, Applications (ISoLA 2016)

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 9953))

Included in the following conference series:

Abstract

We explore of use of the tool BeepBeep, a monitor for the temporal logic LTL-FO\(^+\), in interpreting assembly traces, focusing on security-related applications. LTL-FO\(^+\) is an extension of LTL, which includes first order quantification. We show that LTL-FO\(^+\) is a sufficiently expressive formalism to state a number of interesting program behaviors, and demonstrate experimentally that BeepBeep can efficiently verify the validity of the properties on assembly traces in tractable time.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    http://github.com/sylvainhalle/ParkBench.

References

  1. Becker, D., Wolf, F., Frings, W., Geimer, M., Wylie, B., Mohr, B.: Automatic trace-based performance analysis of metacomputing applications. In: 2007 Parallel and Distributed Processing Symposium, pp. 1–10 (2007)

    Google Scholar 

  2. Christodorescu, M., Jha, S., Seshia, S.A., Song, D., Bryant, R.E.: Semantics-aware malware detection. In: Proceedings of the 2005 IEEE Symposium on Security and Privacy, SP 2005, pp. 32–46. IEEE Computer Society, Washington, DC (2005)

    Google Scholar 

  3. Dietz, W., Li, P., Regehr, J., Adve, V.: Understanding integer overflow in C/C++. In: Proceedings of the 34th International Conference on Software Engineering, ICSE 2012, pp. 760–770. IEEE Press, Piscataway (2012)

    Google Scholar 

  4. Ghiasi, M., Sami, A., Salehi, Z.: Dynamic VSA: a framework for malware detection based on register contents. Eng. Appl. Artif. Intell. 44, 111–122 (2015)

    Article  Google Scholar 

  5. Hallé, S., Villemaire, R.: Runtime enforcement of web service message contracts with data. IEEE Trans. Serv. Comput. 5(2), 192–206 (2012)

    Article  Google Scholar 

  6. Hornat, C.: JPEG vulnerability: a day in the life of the JPEG vulnerability. Technical report, Info Security Writers (2004)

    Google Scholar 

  7. Jerding, D., Stasko, J.: The information mural: a technique for displaying and navigating large information spaces. IEEE Trans. Visual. Comput. Graphics 4(3), 257–271 (1998)

    Article  Google Scholar 

  8. Roşu, G., Chen, F., Ball, T.: Synthesizing monitors for safety properties: this time with calls and returns. In: Leucker, M. (ed.) RV 2008. LNCS, vol. 5289, pp. 51–68. Springer, Heidelberg (2008). doi:10.1007/978-3-540-89247-2_4

    Chapter  Google Scholar 

  9. Seacord, R.C.: Secure Coding in C and C++, 2nd edn. Addison-Wesley Professional, Upper Saddle River (2013)

    Google Scholar 

  10. Storlie, C., Anderson, B., Wiel, S.V., Quist, D., Hash, C., Brown, N.: Stochastic identification of malware with dynamic traces. Ann. Appl. Stat. 8(1), 1–18 (2014)

    Article  MathSciNet  MATH  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Laboratoire d’informatique formelle, Université du Québec à Chicoutimi, Chicoutimi, Canada

    Raphaël Khoury, Sylvain Hallé & Omar Waldmann

Authors
  1. Raphaël Khoury
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Sylvain Hallé
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Omar Waldmann
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Raphaël Khoury .

Editor information

Editors and Affiliations

  1. Lero, Limerick, Ireland

    Tiziana Margaria

  2. TU Dortmund, Dortmund, Germany

    Bernhard Steffen

Appendix 1: LTL-FO\(^+\) Properties

Appendix 1: LTL-FO\(^+\) Properties

1.1 Property 1: Integer Overflow Detection

figure a

1.2 Property 2: Call Sequence Profiling

figure b

1.3 Property 3: Return Address Protection

figure c

1.4 Property 4: Pointer Subterfuge Detection

figure d

1.5 Property 5: Malicious Pattern Detection

figure e

Rights and permissions

Reprints and permissions

Copyright information

© 2016 Springer International Publishing AG

About this paper

Cite this paper

Khoury, R., Hallé, S., Waldmann, O. (2016). Execution Trace Analysis Using LTL-FO\(^+\) . In: Margaria, T., Steffen, B. (eds) Leveraging Applications of Formal Methods, Verification and Validation: Discussion, Dissemination, Applications. ISoLA 2016. Lecture Notes in Computer Science(), vol 9953. Springer, Cham. https://doi.org/10.1007/978-3-319-47169-3_26

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-47169-3_26

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-47168-6

  • Online ISBN: 978-3-319-47169-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation