Safety in Numbers
Project final rept. 12 Jan-27 Nov 2010
GRAMMATECH INC ITHACA NY
Using large-scale distributed resources can help find vulnerabilities and malicious code. This project studied the feasibility of distributing two kinds of static analyses of machine code across large-scale donated computational cycles: conventional static analyses for finding bugs and vulnerabilities, and concolic execution to find test cases that trigger rare, possibly maliciously hidden, code paths. We demonstrated that concolic execution is particularly suited to large-scale distributed execution since its core computational loop is very parallelizable and communication costs are small. We assessed a large number of possible parallel architectures and experimented in depth with three. In the process of expanding and scaling our concolic engine for this application, we also devised a means to fuzz its semantic representation of machine code and so were able to demonstrate a general technique for validating abstract representations of machine code semantics.
- Computer Programming and Software
- Safety Engineering