From source code to crash test-case through software testing automation (C&ESAR 2021: Automation in Cybersecurity - Call for Papers)

Who

Robin David, Jonathan Salwan, Justin B.

Track

C&ESAR 2021: Automation in Cybersecurity Call for Papers

Time Zone

The program is currently displayed in (GMT+01:00) Brussels, Copenhagen, Madrid, Paris.

Use conference time zone: (GMT+01:00) Brussels, Copenhagen, Madrid, ParisSelect other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

By setting a time band, the program will dim events that are outside this time window. This is useful for (virtual) conferences with a continuous program (with repeated sessions).
The time band will also limit the events that are included in the personal iCalendar subscription service.

Display full programSpecify a time band

Save

When

Tue 16 Nov 2021 11:30 - 12:00 at Grand Auditorium - Protection & Evaluation Chair(s): Gurvan LE GUERNIC

Abstract

Finding weaknesses and vulnerability in a source code is a difficult task. An approach is static analysis, but existing solutions and tools tends to generate many alerts and especially false positives. This paper present an approach automating the software testing process from a source code to the dynamic testing of the compiled program. More specifically, from a static analysis report indicating alerts on source lines it enables testing to cover these lines dynamically and opportunistically checking whether whether or not they can trigger a crash. The result is a test corpus allowing to cover alerts and to trigger them if they happen to be true positives. This paper discuss the methodology employed to track alerts down in the compiled binary, the testing engines selection process and the results obtained on a TCP/IP stack implementation for embedded and IoT systems.

Robin David

Quarkslab

France

Jonathan Salwan

Quarkslab

France

Justin B.

France

PPTX slide deck

PDF slide deck

Audio recording

Proceedings paper

Time Zone

The program is currently displayed in (GMT+01:00) Brussels, Copenhagen, Madrid, Paris.

Use conference time zone: (GMT+01:00) Brussels, Copenhagen, Madrid, ParisSelect other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

Display full programSpecify a time band

Save

Session Program

Tue 16 Nov
Displayed time zone: Brussels, Copenhagen, Madrid, Paris change

11:00 - 12:00	Protection & EvaluationCall for Papers at Grand Auditorium Chair(s): Gurvan LE GUERNIC DGA MI & Université de Rennes 1

11:00 30m Talk		PROSECCO: Formally-Proven Secure Compiled Code Call for Papers Nicolas Belleville Univ Grenoble Alpes, CEA, List, Damien Couroussé Univ Grenoble Alpes, CEA, List, Emmanuelle Encrenaz Sorbonne Université, CNRS, LIP6, Karine Heydemann Sorbonne Université, CNRS, LIP6, Quentin Meunier Sorbonne Université, CNRS, LIP6 Media Attached
11:30 30m Talk		From source code to crash test-case through software testing automation Call for Papers Robin David Quarkslab, Jonathan Salwan Quarkslab, Justin B. Media Attached