Tue 16 Nov 2021 11:30 - 12:00 at Grand Auditorium - Protection & Evaluation Chair(s): Gurvan LE GUERNIC

Finding weaknesses and vulnerabilities in source code is a difficult task. One approach is static analysis, but existing solutions and tools tend to generate many alerts, and especially false positives. This paper presents an approach automating the software testing process from source code to the dynamic testing of the compiled program. More specifically, from a static analysis report indicating alerts on source lines, it enables testing to cover these lines dynamically and to opportunistically check whether or not they can trigger a crash. The result is a test corpus that covers the alerts and triggers them if they happen to be true positives. This paper discusses the methodology employed to track alerts down in the compiled binary, the testing engine selection process, and the results obtained on a TCP/IP stack implementation for embedded and IoT systems.

Tue 16 Nov

Displayed time zone: Brussels, Copenhagen, Madrid, Paris

11:00 - 12:00
Protection & Evaluation (Call for Papers) at Grand Auditorium
Chair(s): Gurvan LE GUERNIC (DGA MI & Université de Rennes 1)
11:00 (30m) Talk: PROSECCO: Formally-Proven Secure Compiled Code
Call for Papers
Nicolas Belleville (Univ Grenoble Alpes, CEA, List), Damien Couroussé (Univ Grenoble Alpes, CEA, List), Emmanuelle Encrenaz (Sorbonne Université, CNRS, LIP6), Karine Heydemann (Sorbonne Université, CNRS, LIP6), Quentin Meunier (Sorbonne Université, CNRS, LIP6)
11:30 (30m) Talk: From source code to crash test-case through software testing automation
Call for Papers
Robin David (Quarkslab), Jonathan Salwan (Quarkslab), Justin Bourroux (DGA-MI)