Symbolic string verification: An automata-based approach

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 5156 LNCS, Issue , 2008, Pages 306-324

  Yu, Fang ^a   Bultan, Tevfik ^a   Cova, Marco ^a   Ibarra, Oscar H ^a  

^a Santa Barbara   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

APPLICATIONS.; CONSERVATIVE APPROXIMATIONS; DETERMINIZATION; EFFICIENT; FIXPOINT COMPUTATIONS; NOVEL ALGORITHMS; PROGRAM EXECUTIONS; PROGRAM POINTS; PROGRAMMING ERRORS; REGULAR EXPRESSIONS; REPLACEMENT FUNCTIONS; SANITIZATION; SECURITY VULNERABILITIES; STATIC ANALYSIS TECHNIQUES; STRING ANALYSES; WIDENING OPERATORS;

COMPUTER SOFTWARE SELECTION AND EVALUATION; DIFFRACTIVE OPTICAL ELEMENTS; ERRORS; PROBABILITY DENSITY FUNCTION; ROBOTS; SPIN DYNAMICS; TECHNICAL PRESENTATIONS; TRANSLATION (LANGUAGES);

MODEL CHECKING;

EID: 54249102273     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-540-85114-1_21     Document Type: Conference Paper

References (19)

1. Balzarotti, D., Cova, M., Felmetsger, V., Jovanovic, N., Kirda, E., Kruegel, C., Vigna, G.: Saner: Composing Static and Dynamic Analysis to Validate Sanitization in Web Applications, In: Proc. Symposium on Security and Privacy (2008)
2. Balzarotti. D., Cova, M.. Felmetsger, V., Vigna, G.: Multi-module vulnerability analysis of web-based applications. In: Proc. 14th ACM conference on Computer and communications security, pp. 25-35. ACM, New York (2007)
3. Bartzis, C., Bultan, T.: Widening arithmetic automata. In: Proc. 16th International Conference on Computer Aided Verification, pp. 321-333 (2004)
4. Biehl, M., Klarlund, N., Rauhe, T.: Algorithms for guided tree automata. In: Raymond, D.R., Yu, S., Wood, D. (eds.) WIA 1996. LNCS, vol. 1260. Springer, Heidelberg (1997)
5. Bouajjani, A., Jonsson, B., Nilsson, M., Touili, T.: Regular model checking. In: Proc. 12th International Conference on Computer Aided Verification, pp. 403-418 (2000)
6. Choi, T.-H., Lee, O., Kim, H., Doh, K.-G.: A practical string analyzer by the widening approach. In: Kobayashi, N. (ed.) APLAS 2006. LNCS, vol. 4279, pp. 374-388. Springer, Heidelberg (2006)
7. Christensen, A.S., Møller, A., Schwartzbach, M.I.: Precise analysis of string expressions. In: Cousot, R. (ed.) SAS 2003. LNCS, vol. 2694, pp. 1-18. Springer, Heidelberg (2003)
8. Christodorescu. M., Kidd, N., Goh, W.-H.: String analysis for x86 binaries. In: Proc. 6th ACM SIGPLAN-SIGSOFT Workshop on Program Analysis for Software Tools and Engineering (PASTE 2005), September 2005, ACM Press, New York (2005)
9. Fu, X., Lu, X., Peltsverger, B., Chen, S., Qian, K., Tao, L.: A static analysis framework for detecting sql injection vulnerabilities. In: Proc. 31st Annual International Computer Software and Applications Conference. COMPSAC 2007, Washington, DC, USA, vol. 1. pp. 87-96. IEEE Computer Society, Los Alamitos (2007)
10. Gerdemann, D., van Noord, G.: Transducers from rewrite rules with backreferences. In: Proc. 9th Conference of the European Chapter of the Association for Computational Linguistics, pp. 126-133 (1999)
11. Gould, C., Su, Z., Devanbu, P.: Static checking of dynamically generated queries in database applications. In: Proc. 26th International Conference on Software Engineering, pp. 645-654 (2004)
12. Karttunen, L.: The replace operator. In: Proc. 33rd annual meeting on Association for Computational Linguistics, pp. 16-23 (1995)
13. Minamide, Y.: Static approximation of dynamically generated web pages. In: Proc. 14th International World Wide Web Conference, pp. 432-441 (2005)
14. Mohri, M., Sproat, R.: An efficient compiler for weighted rewrite rules. In: Proc. 34th annual meeting on Association for Computational Linguistics, pp. 231-238. Association for Computational Linguistics (1996)
15. Shannon, D., Hajra, S., Lee, A., Zhan, D., Khurshid, S.: Abstracting symbolic execution with string analysis. In: Proc. Testing: Academic and Industrial Conference Practice and Research Techniques - MUTATION, Washington, DC, USA, pp. 13-22. IEEE Computer Society, Los Alamitos (2007)
16. van Noord, G.: FSA utilities toolbox, http://odur.let.rug.nl/~vannoord/ Fsa/
17. van Noord, G., Gerdemann, D.: An extendible regular expression compiler for finite-state approaches in natural language processing. In: Proc. of the 4th International Workshop on Implementing Automata (WIA), July 1999, pp. 122-139. Springer, Heidelberg (1999)
18. Wassermann, G., Su, Z.: Sound and precise analysis of web applications for injection vulnerabilities. In: Proc. ACM SIGPLAN 2007 Conference on Programming Language Design and Implementation, pp. 32-41 (2007)
19. Xie, Y., Aiken, A.: Static detection of security vulnerabilities in scripting languages. In: Proc. 15th conference on USENIX Security Symposium, Berkeley, CA, USA, p. 13. USENIX Association (2006)