Software Engineering Institute | Carnegie Mellon University
Software Engineering Institute | Carnegie Mellon University

Digital Library

Arie Gurfinkel
October 2014 - Article Supervised Learning for Provenance-Similarity of Binaries

Topics: Malware Analysis

In this article, the authors present a notion of similarity based on provenance; two binaries are similar if they are compiled from the same source code with the same compilers.

October 2014 - Article Binary Function Clustering using Semantic Hashes

Topics: Malware Analysis

In this article, the authors present an alternative to pair wise comparisons based on "hashing” that captures the semantics of functions as semantic hashes.

October 2014 - Article Recovering C++ Objects From Binaries Using Inter-Procedural Data-Flow Analysis

Topics: Malware Analysis

In this article, the authors present a static approach that uses symbolic execution and inter-procedural data flow analysis to discover object instances, data members, and methods of a common class.

April 2013 - White Paper Four Pillars for Improving the Quality of Safety-Critical Software-Reliant Systems

Topics: Software Architecture

This white paper presents an improvement strategy comprising four pillars of an integrate-then-build practice that lead to improved quality through early defect discovery and incremental end-to-end validation and verification.

November 2012 - Special Report Reliability Improvement and Validation Framework

Topics: Software Architecture

This report discusses the reliability validation and improvement framework developed by the SEI. The purpose of this framework is to provide a foundation for addressing the challenges of qualifying increasingly software-reliant, safety-critical systems.

August 2012 - Technical Report Results of SEI Line-Funded Exploratory New Starts Projects

This report describes the line-funded exploratory new starts (LENS) projects that were undertaken during fiscal year 2011. For each project, the report presents a brief description and a recounting of the research that was done, as well as a synopsis of the results of the project.

October 2011 - Presentation Time-Bounded Analysis of Real-Time Systems

Topics: Cyber-Physical Systems

This presentation considers the problem of verifying functional correctness of periodic Real-Time Embedded Software (RTES), a popular variant of RTES that execute periodic tasks in an order determined by Rate Monotonic Scheduling (RMS).

August 2010 - Technical Report COVERT: A Framework for Finding Buffer Overflows in C Programs via Software Verification

Topics: Software Architecture

In this report, the authors present COVERT, an automated framework for finding buffer overflows in C programs using software verification tools and techniques.