Reachability Logic for Low-Level Programs
Nico Naus, Freek Verbeek, Marc Schoolderman, Binoy Ravindran

TL;DR
This paper introduces Reachability Logic, a novel formal framework for automatically generating exploits by analyzing reachability of assertions in low-level programs, verified through a theorem prover.
Contribution
It presents Reachability Logic, a new program logic that formalizes assertion reachability and preconditions, enabling automatic exploit generation with proven soundness and completeness.
Findings
Successfully verified on small litmus tests
Effective on real-world algorithms
System is proven sound and complete in a theorem prover
Abstract
Automatic exploit generation is a relatively new area of research. Work in this area aims to automate the manual and labor-intensive task of finding exploits in software. In this paper we present a novel program logic to support automatic exploit generation. We develop a program logic called Reachability Logic, which formally defines the relation between reachability of an assertion and the preconditions which allow them to occur. This relation is then used to calculate the search space of preconditions. We show that Reachability Logic is a powerful tool in automatically finding evidence that an assertion is reachable. We verify that the system works for small litmus tests, as well as real-world algorithms. An implementation has been developed, and the entire system is proven to be sound and complete in a theorem prover. This work represents an important step towards formally verified…
Taxonomy
Topics: Software Testing and Debugging Techniques · Software Engineering Research · Advanced Malware Detection Techniques
