Application of model checking technology to automatically vulnerabilities finding in software

Hui Liu,Chongbin Zhang,Xiaomin Zhang
DOI: https://doi.org/10.3321/j.issn:1671-4512.2008.02.018
2008-01-01
Abstract:Model checking technology used widely in industrial designs was introduced into probable vulnerabilities finding in software. A system prototype is proposed to find vulnerabilities in source codes. Taking open-source operating system Linux as an example, a security property model was built for dropping privilege and creating files in this system, and this model was verified by various examples. The results show that the proposed method is a formal means that could prove the existence of vulnerabilities and automatically discover security vulnerabilities in software.
What problem does this paper attempt to address?