MOPS : an Infrastructure for Examining Security Properties of Softwarey

ABSTRACT We des ribe a formal approa h for nding bugs in se urityrelevant software and verifying their absen e. The idea is as follows: we identify rules of safe programming pra ti e, enode them as safety properties, and verify whether these properties are obeyed. Be ause manual veri ation is too expensive, we have built a program analysis tool to automate this pro ess. Our program analysis models the program to be veri ed as a pushdown automaton, represents the se urity property as a nite state automaton, and uses model he king te hniques to identify whether any state violating the desired se urity goal is rea hable in the program. The major advantages of this approa h are that it is sound in verifying the absen e of ertain lasses of vulnerabilities, that it is fully interpro edural, and that it is eÆ ient and s alable. Experien e suggests that this approa h will be useful in nding a wide range of se urity vulnerabilities in large programs eÆ iently.