Compositional Vulnerability Detection with Insecurity Separation Logic

  • Conference paper
  • Formal Methods and Software Engineering (ICFEM 2023)
  • Part of the book series: Lecture Notes in Computer Science (LNCS, volume 14308)

Abstract

Memory-safety issues and information leakage are known to be depressingly common. We consider the compositional static detection of these kinds of vulnerabilities in first-order C-like programs. Indeed, the latter (information leakage) are relational hyper-safety violations, comparing pairs of program executions, which makes them more challenging to detect than the former (memory-safety issues), which require reasoning only over individual executions. Existing symbolic leakage detection methods treat only non-interactive programs, avoiding the challenges of nondeterminism. Also, being whole-program analyses, they cannot be applied one function at a time, thereby ruling out incremental analysis. We remedy these shortcomings by presenting Insecurity Separation Logic (InsecSL), an under-approximate relational program logic for soundly detecting information leakage and memory-safety issues in interactive programs. Importantly, InsecSL reasons about pairs of executions, and so is relational, but purposefully resembles the non-relational Incorrectness Separation Logic (ISL) that is already automated in the Infer tool. We show how InsecSL can be automated by bi-abduction-based symbolic execution, and we evaluate two implementations of this idea (one based on Infer) on various case studies.

Author information

Correspondence to Toby Murray.

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

Murray, T., Yan, P., Ernst, G. (2023). Compositional Vulnerability Detection with Insecurity Separation Logic. In: Li, Y., Tahar, S. (eds) Formal Methods and Software Engineering. ICFEM 2023. Lecture Notes in Computer Science, vol 14308. Springer, Singapore. https://doi.org/10.1007/978-981-99-7584-6_5

  • DOI: https://doi.org/10.1007/978-981-99-7584-6_5
  • Publisher Name: Springer, Singapore
  • Print ISBN: 978-981-99-7583-9
  • Online ISBN: 978-981-99-7584-6
  • eBook Packages: Computer Science (R0)