bug classes discovery via inference & reasoning :

[endrazine <endrazine () gmail com>]

Hi dear list,

I curently have classes of so called "Web intelligence" (ie: web 
semantic & AI).
I find the capabilities of inference of OWL amazing on complex systems, 
and was
therefor wondering if anyone had ever attempted to describe a given 
architechture
with ontologies in order to detect potential new classes of bugs. For 
instance, no model
was (to my knowledge) able to detect overflows in statically allocated, 
initialised buffers (stack overflows)
but telling OWL that putting more data than it can handle in a fix sized 
buffer is a bad thing isn't too difficult...
Now, indeed, describing a whole actual application (modeling the actual 
stack and heap at least, for each
"individual operation" - ie: asm instruction ), and then using the OWL 
engine is at least as bad as
trying to examine each state of the application (ie: NP complete, not 
doable, etc). But what about determining
new classes of bugs ? Independently modelizing a stack/heap and usual 
syscalls or even user defined functions
on a given architecture seem quite doable to me... Google didn't help 
much in that matter...
Just a few thoughts...

Have a nice week end,

Regards,

endrazine-

PS: If anyone made prior work on such things, feel free to contact me 
off list and leak me your
rdfs rulez ;)
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave