Differential Slicing: Identifying Causal Execution Differences for Security Applications

A security analyst often needs to understand two runs of the same program that exhibit a difference in program state or output. This is important, for example, for vulnerability analysis, as well as for analyzing a malware program that features different behaviors when run in different environments. In this paper, the authors propose a differential slicing approach that automates the analysis of such execution differences. Differential slicing outputs a causal difference graph that captures the input differences that triggered the observed difference and the causal path of differences that led from those input differences to the observed difference.

Provided by: University of California Topic: Security Date Added: Mar 2011 Format: PDF

Find By Topic