Accession Number : ADA532995


Title : Safety in Numbers


Descriptive Note : Project final rept. 12 Jan-27 Nov 2010


Corporate Author : GRAMMATECH INC ITHACA NY


Personal Author(s) : Melski, David ; Cok, David ; Phillips, John ; Wisniewski, Scott ; Yong, Suan H ; Lloyd, Nathan ; Kuper, Lindsay ; Gopen, Denis ; Loginov, Alexey


Full Text : https://apps.dtic.mil/dtic/tr/fulltext/u2/a532995.pdf


Report Date : 27 Nov 2010


Pagination or Media Count : 105


Abstract : Using large-scale distributed resources can help find vulnerabilities and malicious code. This project studied the feasibility of distributing two kinds of static analyses of machine code across large-scale donated computational cycles: conventional static analyses for finding bugs and vulnerabilities, and concolic execution to find test cases that trigger rare, possibly maliciously hidden, code paths. We demonstrated that concolic execution is particularly suited to large-scale distributed execution since its core computational loop is very parallelizable and communication costs are small. We assessed a large number of possible parallel architectures and experimented in depth with three. In the process of expanding and scaling our concolic engine for this application, we also devised a means to fuzz its semantic representation of machine code and so were able to demonstrate a general technique for validating abstract representations of machine code semantics.


Descriptors : *STATIC TESTS , *MACHINE CODING , *ANTIVIRUS SOFTWARE , *SAFETY , PARALLEL PROCESSING , COSTS , COMMUNICATION AND RADIO SYSTEMS , COMPUTER ARCHITECTURE , VULNERABILITY , SEMANTICS , COMPUTATIONS , CYCLES


Subject Categories : Computer Programming and Software ; Safety Engineering


Distribution Statement : APPROVED FOR PUBLIC RELEASE