Global value numbers and redundant computations
POPL '88 Proceedings of the 15th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Constant propagation with conditional branches
ACM Transactions on Programming Languages and Systems (TOPLAS)
Efficiently computing static single assignment form and the control dependence graph
ACM Transactions on Programming Languages and Systems (TOPLAS)
Regular models of phonological rule systems
Computational Linguistics - Special issue on computational phonology
Formal language, grammar and set-constraint-based program analysis by abstract interpretation
FPCA '95 Proceedings of the seventh international conference on Functional programming languages and computer architecture
Call graph construction in object-oriented languages
Proceedings of the 12th ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications
A framework for call graph construction algorithms
ACM Transactions on Programming Languages and Systems (TOPLAS)
Mona: Monadic Second-Order Logic in Practice
TACAS '95 Proceedings of the First International Workshop on Tools and Algorithms for Construction and Analysis of Systems
Combining Slicing and Constraint Solving for Validation of Measurement Software
SAS '96 Proceedings of the Third International Symposium on Static Analysis
Bounded Model Construction for Monadic Second-Order Logics
CAV '00 Proceedings of the 12th International Conference on Computer Aided Verification
Static approximation of dynamically generated Web pages
WWW '05 Proceedings of the 14th international conference on World Wide Web
Sound and precise analysis of web applications for injection vulnerabilities
Proceedings of the 2007 ACM SIGPLAN conference on Programming language design and implementation
Finding security vulnerabilities in java applications with static analysis
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Creating Vulnerability Signatures Using Weakest Preconditions
CSF '07 Proceedings of the 20th IEEE Computer Security Foundations Symposium
Static path conditions for Java
Proceedings of the third ACM SIGPLAN workshop on Programming languages and analysis for security
Saner: Composing Static and Dynamic Analysis to Validate Sanitization in Web Applications
SP '08 Proceedings of the 2008 IEEE Symposium on Security and Privacy
Symbolic String Verification: An Automata-Based Approach
SPIN '08 Proceedings of the 15th international workshop on Model Checking Software
Merlin: specification inference for explicit information flow problems
Proceedings of the 2009 ACM SIGPLAN conference on Programming language design and implementation
TAJ: effective taint analysis of web applications
Proceedings of the 2009 ACM SIGPLAN conference on Programming language design and implementation
A decision procedure for subset constraints over regular languages
Proceedings of the 2009 ACM SIGPLAN conference on Programming language design and implementation
Modular string-sensitive permission analysis with demand-driven precision
ICSE '09 Proceedings of the 31st International Conference on Software Engineering
Efficient symbolic execution of strings for validating web applications
Proceedings of the 2nd International Workshop on Defects in Large Software Systems: Held in conjunction with the ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2009)
ASE '09 Proceedings of the 2009 IEEE/ACM International Conference on Automated Software Engineering
Precise analysis of string expressions
SAS'03 Proceedings of the 10th international conference on Static analysis
Pex: white box test generation for .NET
TAP'08 Proceedings of the 2nd international conference on Tests and proofs
A Symbolic Execution Framework for JavaScript
SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy
F4F: taint analysis of framework-based web applications
Proceedings of the 2011 ACM international conference on Object oriented programming systems languages and applications
A type system for regular expressions
Proceedings of the 14th Workshop on Formal Techniques for Java-like Programs
Automating presentation changes in dynamic web applications via collaborative hybrid analysis
Proceedings of the ACM SIGSOFT 20th International Symposium on the Foundations of Software Engineering
ANDROMEDA: accurate and scalable security analysis of web applications
FASE'13 Proceedings of the 16th international conference on Fundamental Approaches to Software Engineering
Finding your way in the testing jungle: a learning approach to web security testing
Proceedings of the 2013 International Symposium on Software Testing and Analysis
Path sensitive static analysis of web applications for remote code execution vulnerability detection
Proceedings of the 2013 International Conference on Software Engineering
Z3-str: a z3-based string solver for web application analysis
Proceedings of the 2013 9th Joint Meeting on Foundations of Software Engineering
Extracting URLs from JavaScript via program analysis
Proceedings of the 2013 9th Joint Meeting on Foundations of Software Engineering
Automata-based symbolic string analysis for vulnerability detection
Formal Methods in System Design
| Hi-index | 0.00 |
We propose a novel technique for statically verifying the strings generated by a program. The verification is conducted by encoding the program in Monadic Second-Order Logic (M2L). We use M2L to describe constraints among program variables and to abstract built-in string operations. Once we encode a program in M2L, a theorem prover for M2L, such as MONA, can automatically check if a string generated by the program satisfies a given specification, and if not, exhibit a counterexample. With this approach, we can naturally encode relationships among strings, accounting also for cases in which a program manipulates strings using indices. In addition, our string analysis is path sensitive in that it accounts for the effects of string and Boolean comparisons, as well as regular-expression matches. We have implemented our string-analysis algorithm, and used it to augment an industrial security analysis for Web applications by automatically detecting and verifying sanitizers---methods that eliminate malicious patterns from untrusted strings, making those strings safe to use in security-sensitive operations. On the 8 benchmarks we analyzed, our string analyzer discovered 128 previously unknown sanitizers, compared to 71 sanitizers detected by a previously presented string analysis.