Analysis of software weakness detection of CBMC based on CWE

Minjae Byun; Yongjun Lee; Jin Young Choi

doi:10.23919/ICACT48636.2020.9061281

Analysis of software weakness detection of CBMC based on CWE

Minjae Byun, Yongjun Lee, Jin Young Choi

Graduate School of Information Study

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Model checking is a method of verifying whether a target system satisfies a specific property using mathematical and logical proofs. Model checking tools to verify design (1) require a formal description of the design and (2) there can be discrepancies between the model and actual implementation. To solve these problems, various tools such as CBMC and BLAST that can directly input C codes have been proposed. However, in terms of security, it is difficult to figure out which software weaknesses these tools can verify. In this paper, we matched the properties that CBMC can verify with corresponding CWEs, considering interdependencies of CWEs. We also conducted an experiment using Juliet Test Suite to check CBMC can actually verify the codes including these CWEs.

Original language	English
Title of host publication	22nd International Conference on Advanced Communications Technology
Subtitle of host publication	Digital Security Global Agenda for Safe Society, ICACT 2020 - Proceeding
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	171-175
Number of pages	5
ISBN (Electronic)	9791188428045
ISBN (Print)	9791188428045
DOIs	https://doi.org/10.23919/ICACT48636.2020.9061281
Publication status	Published - 2020 Feb 1
Event	22nd International Conference on Advanced Communications Technology, ICACT 2020 - Pyeongchang, Korea, Republic of Duration: 2020 Feb 16 → 2020 Feb 19

Publication series

Name	International Conference on Advanced Communication Technology, ICACT
Volume	2020
ISSN (Print)	1738-9445

Conference

Conference	22nd International Conference on Advanced Communications Technology, ICACT 2020
Country	Korea, Republic of
City	Pyeongchang
Period	20/2/16 → 20/2/19

Keywords

CBMC
information security
model checking
software weakness

ASJC Scopus subject areas

Electrical and Electronic Engineering

Access to Document

10.23919/ICACT48636.2020.9061281

Fingerprint Dive into the research topics of 'Analysis of software weakness detection of CBMC based on CWE'. Together they form a unique fingerprint.

Cite this

Byun, M., Lee, Y., & Choi, J. Y. (2020). Analysis of software weakness detection of CBMC based on CWE. In 22nd International Conference on Advanced Communications Technology: Digital Security Global Agenda for Safe Society, ICACT 2020 - Proceeding (pp. 171-175). [9061281] (International Conference on Advanced Communication Technology, ICACT; Vol. 2020). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.23919/ICACT48636.2020.9061281

Analysis of software weakness detection of CBMC based on CWE. / Byun, Minjae; Lee, Yongjun; Choi, Jin Young.

22nd International Conference on Advanced Communications Technology: Digital Security Global Agenda for Safe Society, ICACT 2020 - Proceeding. Institute of Electrical and Electronics Engineers Inc., 2020. p. 171-175 9061281 (International Conference on Advanced Communication Technology, ICACT; Vol. 2020).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Byun, M, Lee, Y & Choi, JY 2020, Analysis of software weakness detection of CBMC based on CWE. in 22nd International Conference on Advanced Communications Technology: Digital Security Global Agenda for Safe Society, ICACT 2020 - Proceeding., 9061281, International Conference on Advanced Communication Technology, ICACT, vol. 2020, Institute of Electrical and Electronics Engineers Inc., pp. 171-175, 22nd International Conference on Advanced Communications Technology, ICACT 2020, Pyeongchang, Korea, Republic of, 20/2/16. https://doi.org/10.23919/ICACT48636.2020.9061281

Byun M, Lee Y, Choi JY. Analysis of software weakness detection of CBMC based on CWE. In 22nd International Conference on Advanced Communications Technology: Digital Security Global Agenda for Safe Society, ICACT 2020 - Proceeding. Institute of Electrical and Electronics Engineers Inc. 2020. p. 171-175. 9061281. (International Conference on Advanced Communication Technology, ICACT). https://doi.org/10.23919/ICACT48636.2020.9061281

Byun, Minjae ; Lee, Yongjun ; Choi, Jin Young. / Analysis of software weakness detection of CBMC based on CWE. 22nd International Conference on Advanced Communications Technology: Digital Security Global Agenda for Safe Society, ICACT 2020 - Proceeding. Institute of Electrical and Electronics Engineers Inc., 2020. pp. 171-175 (International Conference on Advanced Communication Technology, ICACT).

@inproceedings{4815be9016864b55a52c9fea40dc78c1,

title = "Analysis of software weakness detection of CBMC based on CWE",

abstract = "Model checking is a method of verifying whether a target system satisfies a specific property using mathematical and logical proofs. Model checking tools to verify design (1) require a formal description of the design and (2) there can be discrepancies between the model and actual implementation. To solve these problems, various tools such as CBMC and BLAST that can directly input C codes have been proposed. However, in terms of security, it is difficult to figure out which software weaknesses these tools can verify. In this paper, we matched the properties that CBMC can verify with corresponding CWEs, considering interdependencies of CWEs. We also conducted an experiment using Juliet Test Suite to check CBMC can actually verify the codes including these CWEs.",

keywords = "CBMC, information security, model checking, software weakness",

author = "Minjae Byun and Yongjun Lee and Choi, {Jin Young}",

note = "Publisher Copyright: {\textcopyright} 2020 Global IT Research Institute - GIRI. Copyright: Copyright 2020 Elsevier B.V., All rights reserved.; 22nd International Conference on Advanced Communications Technology, ICACT 2020 ; Conference date: 16-02-2020 Through 19-02-2020",

year = "2020",

month = feb,

day = "1",

doi = "10.23919/ICACT48636.2020.9061281",

language = "English",

isbn = "9791188428045",

series = "International Conference on Advanced Communication Technology, ICACT",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "171--175",

booktitle = "22nd International Conference on Advanced Communications Technology",

}

TY - GEN

T1 - Analysis of software weakness detection of CBMC based on CWE

AU - Byun, Minjae

AU - Lee, Yongjun

AU - Choi, Jin Young

PY - 2020/2/1

Y1 - 2020/2/1

N2 - Model checking is a method of verifying whether a target system satisfies a specific property using mathematical and logical proofs. Model checking tools to verify design (1) require a formal description of the design and (2) there can be discrepancies between the model and actual implementation. To solve these problems, various tools such as CBMC and BLAST that can directly input C codes have been proposed. However, in terms of security, it is difficult to figure out which software weaknesses these tools can verify. In this paper, we matched the properties that CBMC can verify with corresponding CWEs, considering interdependencies of CWEs. We also conducted an experiment using Juliet Test Suite to check CBMC can actually verify the codes including these CWEs.

AB - Model checking is a method of verifying whether a target system satisfies a specific property using mathematical and logical proofs. Model checking tools to verify design (1) require a formal description of the design and (2) there can be discrepancies between the model and actual implementation. To solve these problems, various tools such as CBMC and BLAST that can directly input C codes have been proposed. However, in terms of security, it is difficult to figure out which software weaknesses these tools can verify. In this paper, we matched the properties that CBMC can verify with corresponding CWEs, considering interdependencies of CWEs. We also conducted an experiment using Juliet Test Suite to check CBMC can actually verify the codes including these CWEs.

KW - CBMC

KW - information security

KW - model checking

KW - software weakness

UR - http://www.scopus.com/inward/record.url?scp=85083993516&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85083993516&partnerID=8YFLogxK

U2 - 10.23919/ICACT48636.2020.9061281

DO - 10.23919/ICACT48636.2020.9061281

M3 - Conference contribution

AN - SCOPUS:85083993516

SN - 9791188428045

T3 - International Conference on Advanced Communication Technology, ICACT

SP - 171

EP - 175

BT - 22nd International Conference on Advanced Communications Technology

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 22nd International Conference on Advanced Communications Technology, ICACT 2020

Y2 - 16 February 2020 through 19 February 2020

ER -