Patching vulnerabilities with sanitization synthesis
Proceedings of the 33rd International Conference on Software Engineering
Path- and index-sensitive string analysis based on monadic second-order logic
Proceedings of the 2011 International Symposium on Software Testing and Analysis
String abstractions for string verification
Proceedings of the 18th international SPIN conference on Model checking software
STRANGER: an automata-based string analysis tool for PHP
TACAS'10 Proceedings of the 16th international conference on Tools and Algorithms for the Construction and Analysis of Systems
Symbolic execution of programs with strings
Proceedings of the South African Institute for Computer Scientists and Information Technologists Conference
Path- and index-sensitive string analysis based on monadic second-order logic
ACM Transactions on Software Engineering and Methodology (TOSEM) - Testing, debugging, and error handling, formal methods, lifecycle concerns, evolution and maintenance
Hi-index | 0.00 |
Given a program and an attack pattern (specified as a regular expression), we automatically generate string-based vulnerability signatures, i.e., a characterization that includes all malicious inputs that can be used to generate attacks. We use an automata-based string analysis framework. Using forward reachability analysis we compute an over-approximation of all possible values that string variables can take at each program point. Intersecting these with the attack pattern yields the potential attack strings if the program is vulnerable. Using backward analysis we compute an over-approximation of all possible inputs that can generate those attack strings. In addition to identifying existing vulnerabilities and their causes, these vulnerability signatures can be used to filter out malicious inputs. Our approach extends the prior work on automata-based string analysis by providing a backward symbolic analysis that includes a symbolic pre-image computation for deterministic finite automata on common string manipulating functions such as concatenation and replacement.