Accession Number:

ADA532995

Title:

Safety in Numbers

Descriptive Note:

Project final rept. 12 Jan-27 Nov 2010

Corporate Author:

GRAMMATECH INC ITHACA NY

Report Date:

2010-11-27

Pagination or Media Count:

105.0

Abstract:

Using large-scale distributed resources can help find vulnerabilities and malicious code. This project studied the feasibility of distributing two kinds of static analyses of machine code across large-scale donated computational cycles: conventional static analyses for finding bugs and vulnerabilities, and concolic execution to find test cases that trigger rare, possibly maliciously hidden, code paths. We demonstrated that concolic execution is particularly suited to large-scale distributed execution since its core computational loop is very parallelizable and communication costs are small. We assessed a large number of possible parallel architectures and experimented in depth with three. In the process of expanding and scaling our concolic engine for this application, we also devised a means to fuzz its semantic representation of machine code and so were able to demonstrate a general technique for validating abstract representations of machine code semantics.

Subject Categories:

  • Computer Programming and Software
  • Safety Engineering

Distribution Statement:

APPROVED FOR PUBLIC RELEASE