|
Sturton, Cynthia
|
FMS '18: "A Recursive Strategy for Symbolic ..."
A Recursive Strategy for Symbolic Execution to Find Exploits in Hardware Designs
Rui Zhang and Cynthia Sturton
(University of North Carolina, USA)
This paper presents hardware-oriented symbolic execution that uses a recursive algorithm to find, and generate exploits for, vulnerabilities in hardware designs. We first define the problem and then develop and formalize our strategy. Our approach allows for a targeted search through a possibly infinite set of execution traces to find needle-in-a-haystack error states. We demonstrate the approach on the open-source OR1200 RISC processor. Using the presented method, we find, and generate exploits for, a control-flow bug, an instruction integrity bug and an exception related bug.
@InProceedings{FMS18p1,
author = {Rui Zhang and Cynthia Sturton},
title = {A Recursive Strategy for Symbolic Execution to Find Exploits in Hardware Designs},
booktitle = {Proc.\ FMS},
publisher = {ACM},
pages = {1--9},
doi = {10.1145/3219763.3219764},
year = {2018},
}
Publisher's Version
|
|
Zhang, Rui
|
FMS '18: "A Recursive Strategy for Symbolic ..."
A Recursive Strategy for Symbolic Execution to Find Exploits in Hardware Designs
Rui Zhang and Cynthia Sturton
(University of North Carolina, USA)
This paper presents hardware-oriented symbolic execution that uses a recursive algorithm to find, and generate exploits for, vulnerabilities in hardware designs. We first define the problem and then develop and formalize our strategy. Our approach allows for a targeted search through a possibly infinite set of execution traces to find needle-in-a-haystack error states. We demonstrate the approach on the open-source OR1200 RISC processor. Using the presented method, we find, and generate exploits for, a control-flow bug, an instruction integrity bug and an exception related bug.
@InProceedings{FMS18p1,
author = {Rui Zhang and Cynthia Sturton},
title = {A Recursive Strategy for Symbolic Execution to Find Exploits in Hardware Designs},
booktitle = {Proc.\ FMS},
publisher = {ACM},
pages = {1--9},
doi = {10.1145/3219763.3219764},
year = {2018},
}
Publisher's Version
|