Verifying string-manipulating programs is a crucial problem in computer security. String operations are used extensively within web applications to manipulate user input, and their erroneous use is the most common cause of security vulnerabilities in web applications. Unfortunately, verifying string-manipulating programs is an undecidable problem in general, and any approximate string analysis technique has an inherent tension between efficiency and precision. In this paper we present a set of sound abstractions for strings and string operations that allow for both efficient and precise verification of string-manipulating programs. In particular, we are able to verify properties that involve implicit relations among string variables. We first describe an abstraction called regular abstraction, which enables us to perform string analysis using multi-track automata as a symbolic representation. We then introduce two other abstractions, alphabet abstraction and relation abstraction, that can be used in combination to tune the precision and efficiency of the analysis. We show that these abstractions form an abstraction lattice that generalizes string analysis techniques previously studied in isolation, such as size analysis or non-relational string analysis. Finally, we empirically evaluate the effectiveness of these abstraction techniques on several benchmarks and an open source application, demonstrating that our techniques can improve performance without loss of analysis accuracy when a suitable abstraction class is selected.