symbolic execution of debian packages
play

Symbolic Execution of Debian Packages Nicolas Jeannerod - PowerPoint PPT Presentation

Jun 06, 2023 •202 likes •886 views

Symbolic Execution of Debian Packages Nicolas Jeannerod nicolas.jeannerod@irif.fr joint work with Benedikt Becker, Claude March Yann Rgis-Gianas, Mihaela Sighireanu, Ralf Treinen IRIF, Universit de Paris September 9, 2019 13th Alpine

  1. Symbolic Execution of Debian Packages Nicolas Jeannerod nicolas.jeannerod@irif.fr joint work with Benedikt Becker, Claude Marché Yann Régis-Gianas, Mihaela Sighireanu, Ralf Treinen IRIF, Université de Paris September 9, 2019 13th Alpine Verification Meeting

  2. Introduction > CoLiS project: Correctness of Linux Scripts 1

  3. Introduction > CoLiS project: Correctness of Linux Scripts > Goal: applying formal methods to the quality assessment of Debian Packages. 1

  4. Introduction > CoLiS project: Correctness of Linux Scripts > Goal: applying formal methods to the quality assessment of Debian Packages. > Debian: operating system. > Packages: way to provide (install, update, remove) software. 1

  5. Introduction > CoLiS project: Correctness of Linux Scripts > Goal: applying formal methods to the quality assessment of Debian Packages. > Debian: operating system. > Packages: way to provide (install, update, remove) software. > Goal (reformulated): making sure that installing/updating/removing software does not: > make other softwares unusable, > make the whole computer unusable, > remove your personnal files, > etc. 1

  6. Installing a Software on Debian 1. Download the package. 2

  7. Installing a Software on Debian 1. Download the package. 2. Execute a pre-installation script. 2

  8. Installing a Software on Debian 1. Download the package. 2. Execute a pre-installation script. 3. Unpack static archive. 2

  9. Installing a Software on Debian 1. Download the package. 2. Execute a pre-installation script. 3. Unpack static archive. 4. Execute a post-installation script. 2

  10. Installing a Software on Debian 1. Download the package. 2. Execute a pre-installation script. > This is a POSIX shell script ran as administrator. 3. Unpack static archive. 4. Execute a post-installation script. > This is a POSIX shell script ran as administrator. 2

  11. Installing a Software on Debian 1. Download the package. 2. Execute a pre-installation script. > This is a POSIX shell script ran as administrator. 3. Unpack static archive. 4. Execute a post-installation script. > This is a POSIX shell script ran as administrator. POSIX shell: > scripting language 2

  12. Installing a Software on Debian 1. Download the package. 2. Execute a pre-installation script. > This is a POSIX shell script ran as administrator. 3. Unpack static archive. 4. Execute a post-installation script. > This is a POSIX shell script ran as administrator. POSIX shell: > scripting language > legacy (born in 1971) 2

  13. Installing a Software on Debian 1. Download the package. 2. Execute a pre-installation script. > This is a POSIX shell script ran as administrator. 3. Unpack static archive. 4. Execute a post-installation script. > This is a POSIX shell script ran as administrator. POSIX shell: Administrator: > scripting language > can do anything on the system > legacy (born in 1971) 2

  14. Installing a Software on Debian 1. Download the package. 2. Execute a pre-installation script. > This is a POSIX shell script ran as administrator. 3. Unpack static archive. 4. Execute a post-installation script. > This is a POSIX shell script ran as administrator. POSIX shell: Administrator: > scripting language > can do anything on the system > legacy (born in 1971) Complicated and dangerous 2

  15. Installing a Software on Debian 1. Download the package. 2. Execute a pre-installation script. > This is a POSIX shell script ran as administrator. 3. Unpack static archive. 4. Execute a post-installation script. > This is a POSIX shell script ran as administrator. POSIX shell: Administrator: > scripting language > can do anything on the system > legacy (born in 1971) Complicated and dangerous. Formal methods? 2

  16. Our Tools: An Overview Debian Package CoLiS Report 3

  17. Our Tools: An Overview Debian Package Shell script Specification Symbolic CoLiS of the script Engine Report 3

  18. Our Tools: An Overview Debian Morbig, Morsmall Package and ColisFromShell t p i r c Colis s l l inter. e h S language Specification Symbolic CoLiS of the script Engine Report 3

  19. Our Tools: An Overview Debian Morbig, Morsmall Package and ColisFromShell t p i r c Colis s l l inter. e h S language Specification Symbolic Specifications CoLiS of the script Engine of commands Report 3

  20. Our Tools: An Overview Debian Morbig, Morsmall Package and ColisFromShell t p i r c Colis s l l inter. e h S language Specification Symbolic Specifications CoLiS of the script Engine of commands SAT? SAT solver for specifications Report 3

  21. Our Tools: An Overview Debian   Régis-Gianas, Morbig, Morsmall J & Treinen Package   and ColisFromShell SLE 2018 t p i r c Colis s   J, Marché l l inter. & Treinen e h   S VSTTE 2017 language Specification Symbolic Specifications CoLiS of the script Engine of commands SAT? SAT solver for specifications Report 3

  22. Specifications, Feature Trees & Constraints

  23. Feature Trees g g f h f h g f > Unranked unordered trees; 4

  24. Feature Trees g g f h f h g f > Unranked unordered trees; > Good models for the UNIX filesystem; 4

  25. Feature Trees g g f h f h g f > Unranked unordered trees; > Good models for the UNIX filesystem; > Shell scripts can be seen as programs that modify such trees; 4

  26. Feature Trees g g f h f h g f > Unranked unordered trees; > Good models for the UNIX filesystem; > Shell scripts can be seen as programs that modify such trees; > Constraints will express relations between such trees. 4

  27. Constraints On Feature Trees Atom (Informal) Semantics 5

  28. Constraints On Feature Trees Atom (Informal) Semantics x [ f ] y From x ’s tree, through f , we go to y ’s tree   Aït-Kaci x [ f ] ↑ In x ’s tree, there is no f Podelski     & Smolka   Ax The root of x ’s tree has decoration A 1992 5

  29. Constraints On Feature Trees Atom (Informal) Semantics x [ f ] y From x ’s tree, through f , we go to y ’s tree   Aït-Kaci x [ f ] ↑ In x ’s tree, there is no f Podelski     & Smolka   Ax The root of x ’s tree has decoration A 1992   Smolka x [ F ] x ’s tree can also use features in F & Treinen   1994 5

  30. Constraints On Feature Trees Atom (Informal) Semantics x [ f ] y From x ’s tree, through f , we go to y ’s tree   Aït-Kaci x [ f ] ↑ In x ’s tree, there is no f Podelski     & Smolka   Ax The root of x ’s tree has decoration A 1992   Smolka x [ F ] x ’s tree can also use features in F & Treinen   1994 x ∼ F y x and y ’s trees are similar except in F 5

  31. Example Specification: mkdir q/f ∃ x , x ′ , y ′ · resolve ( r , cwd , q , x ) ∧ dir ( x ) ∧ x [ f ] ↑ Success ∧ similar ( r , r ′ , cwd , q , x , x ′ ) ∧ x ∼ { f } x ′ ∧ dir ( x ′ ) ∧ x ′ [ f ] y ′ ∧ dir ( y ′ ) ∧ y ′ [ ∅ ] ∃ y · resolve ( r , cwd , q / f , y ) ∧ r . = r ′ noresolve ( r , cwd , q ) ∧ r . = r ′ Error ∃ x · resolve ( r , cwd , q , x ) ∧¬ dir ( x ) ∧ r . = r ′ 6

  32. Example Specification: mkdir q/f ∃ x , x ′ , y ′ · resolve ( r , cwd , q , x ) ∧ dir ( x ) ∧ x [ f ] ↑ Success ∧ similar ( r , r ′ , cwd , q , x , x ′ ) ∧ x ∼ { f } x ′ ∧ dir ( x ′ ) ∧ x ′ [ f ] y ′ ∧ dir ( y ′ ) ∧ y ′ [ ∅ ] ∃ y · resolve ( r , cwd , q / f , y ) ∧ r . = r ′ noresolve ( r , cwd , q ) ∧ r . = r ′ Error ∃ x · resolve ( r , cwd , q , x ) ∧¬ dir ( x ) ∧ r . = r ′ 6

  33. Example Specification: mkdir q/f ∃ x , x ′ , y ′ · resolve ( r , cwd , q , x ) ∧ dir ( x ) ∧ x [ f ] ↑ Success ∧ similar ( r , r ′ , cwd , q , x , x ′ ) ∧ x ∼ { f } x ′ ∧ dir ( x ′ ) ∧ x ′ [ f ] y ′ ∧ dir ( y ′ ) ∧ y ′ [ ∅ ] r ∃ y · resolve ( r , cwd , q / f , y ) ∧ r . = r ′ q ∃ x noresolve ( r , cwd , q ) ∧ r . = r ′ Error ∃ x · resolve ( r , cwd , q , x ) ∧¬ dir ( x ) ∧ r . = r ′ 6

  34. Example Specification: mkdir q/f ∃ x , x ′ , y ′ · resolve ( r , cwd , q , x ) ∧ dir ( x ) ∧ x [ f ] ↑ Success ∧ similar ( r , r ′ , cwd , q , x , x ′ ) ∧ x ∼ { f } x ′ ∧ dir ( x ′ ) ∧ x ′ [ f ] y ′ ∧ dir ( y ′ ) ∧ y ′ [ ∅ ] r ∃ y · resolve ( r , cwd , q / f , y ) ∧ r . = r ′ q ∃ x noresolve ( r , cwd , q ) ∧ r . = r ′ (dir) Error ∃ x · resolve ( r , cwd , q , x ) ∧¬ dir ( x ) ∧ r . = r ′ 6

  35. Example Specification: mkdir q/f ∃ x , x ′ , y ′ · resolve ( r , cwd , q , x ) ∧ dir ( x ) ∧ x [ f ] ↑ Success ∧ similar ( r , r ′ , cwd , q , x , x ′ ) ∧ x ∼ { f } x ′ ∧ dir ( x ′ ) ∧ x ′ [ f ] y ′ ∧ dir ( y ′ ) ∧ y ′ [ ∅ ] r ∃ y · resolve ( r , cwd , q / f , y ) ∧ r . = r ′ q ∃ x noresolve ( r , cwd , q ) ∧ r . = r ′ (dir) Error f ∃ x · resolve ( r , cwd , q , x ) ∧¬ dir ( x ) ∧ r . ⊥ = r ′ 6

Recommend

Patterns for Testing Debian Packages Antonio Terceiro terceiro@debian.org A brief intro to

Patterns for Testing Debian Packages Antonio Terceiro terceiro@debian.org A brief intro to

Patterns for Testing Debian Packages Antonio Terceiro terceiro@debian.org A brief intro to Debian CI autopkgtest created back in 2006 (!) 2014: Debian CI launches Goal: provide automated testing for the Debian archive (i.e. run

816 views • 68 slides
Symbolic Execution of Linux binaries About Symbolic Execution Dynamically explore all

Symbolic Execution of Linux binaries About Symbolic Execution Dynamically explore all

A tool for the Symbolic Execution of Linux binaries About Symbolic Execution Dynamically explore all program branches. Inputs are considered symbolic variables. Symbols remain uninstantiated and become constrained at execution

451 views • 24 slides
MATLAB 1 Mathematical Software Symbolic Math Packages - This amorphous set of packages can

MATLAB 1 Mathematical Software Symbolic Math Packages - This amorphous set of packages can

MATLAB 1 Mathematical Software Symbolic Math Packages - This amorphous set of packages can be used to perform symbolic analyses. These packages typically can solve algebraic and differential equations, can integrate and differentiate

1.18k views • 72 slides
Automated Testing of Debian Packages Status Update Lucas Nussbaum lucas@debian.org Lucas

Automated Testing of Debian Packages Status Update Lucas Nussbaum lucas@debian.org Lucas

Introduction Tests Building packages more efficiently Piuparts State of the archive collab-qa Conclusion Automated Testing of Debian Packages Status Update Lucas Nussbaum lucas@debian.org Lucas Nussbaum Automated Testing of Debian

622 views • 34 slides
Symbolic execution as search, and the rise of solvers Search and SMT Symbolic execution is

Symbolic execution as search, and the rise of solvers Search and SMT Symbolic execution is

Symbolic execution as search, and the rise of solvers Search and SMT Symbolic execution is appealingly simple and useful , but computationally expensive ! We will see how the effective use of symbolic execution boils down to a kind of

494 views • 24 slides
Symbolic Execution: Applications Symbolic execution is widely used in practice. Tools based on

Symbolic Execution: Applications Symbolic execution is widely used in practice. Tools based on

Symbolic Execution: Applications Symbolic execution is widely used in practice. Tools based on symbolic execution have found serious errors and security vulnerabilities in various systems: Network servers File systems Device drivers

733 views • 40 slides
Automated Testing of Debian Packages Holger Levsen debian@layer-acht.org Lucas Nussbaum

Automated Testing of Debian Packages Holger Levsen debian@layer-acht.org Lucas Nussbaum

Introduction Lintian and Linda Rebuilding packages Piuparts Structuring QA Conclusion Automated Testing of Debian Packages Holger Levsen debian@layer-acht.org Lucas Nussbaum lucas@debian.org Holger Levsen and Lucas Nussbaum Automated

1.38k views • 31 slides
Sylvestre Ledru sylvestre@debian.org Lo Cavaill leo+debian@cavaille.net Debian + 20

Sylvestre Ledru sylvestre@debian.org Lo Cavaill leo+debian@cavaille.net Debian + 20

Sylvestre Ledru sylvestre@debian.org Lo Cavaill leo+debian@cavaille.net Debian + 20 000 source packages ~13 architectures 3 kernels The biggest database of FLOSS code (?) The Debile Project January, 19th 2014 Sylvestre Ledru

571 views • 25 slides
Symbolic execution for binary-level security / 50 3 A number of shades of symbolic execution /

Symbolic execution for binary-level security / 50 3 A number of shades of symbolic execution /

Symbolic execution for binary-level security / 50 3 A number of shades of symbolic execution / / Sbastien Bardin & Richard Bonichon 20180409 CEA LIST 1 1,1,L Model Source qb int foo (int t ) { 0,1,L 0,1,L int y = t * t - 4 * t ;

567 views • 34 slides
Debian KDE-Extras Team Debian KDE-Extras Team Mark Purcell <msp@debian.org> Introduction

Debian KDE-Extras Team Debian KDE-Extras Team Mark Purcell <msp@debian.org> Introduction

Debian KDE-Extras Team Debian KDE-Extras Team Mark Purcell <msp@debian.org> Introduction Introduction The Debian KDE Extras Team maintain a portfolio of extra application packages for Debian GNU/Linux outside the KDE core applications

554 views • 18 slides
Symbolic Execution Emina Torlak emina@cs.washington.edu Outline What is symbolic execution?

Symbolic Execution Emina Torlak emina@cs.washington.edu Outline What is symbolic execution?

CSE 403: Software Engineering, Winter 2016 courses.cs.washington.edu/courses/cse403/16wi/ Symbolic Execution Emina Torlak emina@cs.washington.edu Outline What is symbolic execution? How does it work? State-of-the-art tools 2

637 views • 34 slides
Demo Symbolic Execution Probabilistic Symbolic Execution (Materials kindly provided by Willem

Demo Symbolic Execution Probabilistic Symbolic Execution (Materials kindly provided by Willem

Demo Symbolic Execution Probabilistic Symbolic Execution (Materials kindly provided by Willem Visser) Docker Image Install Docker Download: https://docs.docker.com/engine/installation/ Check: docker --version

446 views • 10 slides
Amusewiki: a year of development Marco Pessotto (melmothX) August 24-26, 2016, Cluj-Napoca

Amusewiki: a year of development Marco Pessotto (melmothX) August 24-26, 2016, Cluj-Napoca

Amusewiki: a year of development Marco Pessotto (melmothX) August 24-26, 2016, Cluj-Napoca Contents Debian packages Blog mode 13 Blog example 14 Other notable improvements 15 16 OPDS example Debian packages cons 17 Debian packages

466 views • 20 slides
Learning to Fuzz from Symbolic Execution with Application to Smart Contracts Jingxuan Mislav

Learning to Fuzz from Symbolic Execution with Application to Smart Contracts Jingxuan Mislav

Learning to Fuzz from Symbolic Execution with Application to Smart Contracts Jingxuan Mislav Nodar Petar Martin He Balunovic Ambroladze Tsankov Vechev Random Fuzzing vs. Symbolic Execution Random Fuzzing Symbolic Execution Fast Slow

633 views • 29 slides
Tutorial: Functional Testing of Debian Packages Antonio Terceiro terceiro@debian.org history

Tutorial: Functional Testing of Debian Packages Antonio Terceiro terceiro@debian.org history

Tutorial: Functional Testing of Debian Packages Antonio Terceiro terceiro@debian.org history automated tests are great and we need more of it automated tests don't replace all manual testing Topics history specs tools

832 views • 50 slides
apt-xapian-index Everything You Always Wanted to Index About Debian Packages, But were Afraid to

apt-xapian-index Everything You Always Wanted to Index About Debian Packages, But were Afraid to

Introduction The solution Interesting bits still to figure out HELP! apt-xapian-index Everything You Always Wanted to Index About Debian Packages, But were Afraid to Ask Enrico Zini enrico@debian.org 23 February 2008 Enrico Zini

462 views • 18 slides
Debian 8.0 AKA jessie Michael Prokop Facts 1/3 Debian 8, codename jessie 2 years

Debian 8.0 AKA jessie Michael Prokop Facts 1/3 Debian 8, codename jessie 2 years

Debian 8.0 AKA jessie Michael Prokop Facts 1/3 Debian 8, codename jessie 2 years after Debian 7, codename wheezy (2013-05-04) Release Date: 2015-04-25 [party!] 75 supported languages 4.841 new source packages

587 views • 19 slides
Constraint Solving in Symbolic Execution Cristian Cadar Department of Computing Imperial College

Constraint Solving in Symbolic Execution Cristian Cadar Department of Computing Imperial College

Constraint Solving in Symbolic Execution Cristian Cadar Department of Computing Imperial College London Invited talk at SMT 2015 18 July, San Francisco, CA, USA Dynamic Symbolic Execution Dynamic symbolic execution is a technique for

660 views • 53 slides
Symbolic Execution Builds predicates that characterize Conditions for executing paths

Symbolic Execution Builds predicates that characterize Conditions for executing paths

Symbolic Execution Builds predicates that characterize Conditions for executing paths Symbolic Execution and Proof of Effects of the execution on program state Properties Bridges program behavior to logic Finds important

309 views • 6 slides
Symbolic Execution of Maintainer Scripts Nicolas Jeannerod and Ralf Treinen joint work with

Symbolic Execution of Maintainer Scripts Nicolas Jeannerod and Ralf Treinen joint work with

Introduction Symbolic Execution of Scripts Symbolic Execution of Maintainer Scripts Demo Time Detected Bugs Conclusions App Symbolic Execution of Maintainer Scripts Nicolas Jeannerod and Ralf Treinen joint work with Benedikt Becker, Claude

1.71k views • 115 slides
An Introduction to Dynamic Symbolic Execution and the KLEE Infrastructure Cristian Cadar

An Introduction to Dynamic Symbolic Execution and the KLEE Infrastructure Cristian Cadar

An Introduction to Dynamic Symbolic Execution and the KLEE Infrastructure Cristian Cadar Department of Computing Imperial College London 14 th TAROT Summer School UCL, London, 3 July 2018 Dynamic Symbolic Execution Dynamic symbolic

856 views • 56 slides
Pending Constraints in Symbolic Execution for Better Exploration and Seeding Timotej Kapus Frank

Pending Constraints in Symbolic Execution for Better Exploration and Seeding Timotej Kapus Frank

Pending Constraints in Symbolic Execution for Better Exploration and Seeding Timotej Kapus Frank Busse Cristian Cadar Imperial College London 1 Symbolic Execution Program analysis technique Active research area Used in

1.04k views • 70 slides
Symbolic Execution of Security Protocol Impl.: Handling Cryptographic Primitives Mathy Vanhoef

Symbolic Execution of Security Protocol Impl.: Handling Cryptographic Primitives Mathy Vanhoef

Symbolic Execution of Security Protocol Impl.: Handling Cryptographic Primitives Mathy Vanhoef @vanhoefm USENIX WOOT, Baltimore, US, 14 August 2018 Overview Symbolic Execution 4-way handshake Handling Crypto Results 2 Overview Symbolic

446 views • 41 slides
Symbolic Evaluation/Execution Todays Reading Material L. A. Clarke and D. J. Richardson,

Symbolic Evaluation/Execution Todays Reading Material L. A. Clarke and D. J. Richardson,

Symbolic Evaluation/Execution Todays Reading Material L. A. Clarke and D. J. Richardson, "Applications of Symbolic Evaluation," Journal of Systems and Software, 5 (1), January 1985, pp.15-35. Symbolic Evaluation/Execution

1.07k views • 60 slides

More recommend