String Abstractions for String Verification

Yu, Fang; Bultan, Tevfik; Hardekopf, Ben

doi:10.1007/978-3-642-22306-8_3

Cited by 16 publications

(6 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…There is a large body of work on statically detecting security vulnerabilities in programs. Many of these techniques focus on detecting cross-site scripting (XSS) or code injection vulnerabilities [8,11,12,15,17,19,20,23,27,28,29,31,32,33,34]. There has also been recent work on static detection of specific classes of denial-of-service vulnerabilities.…”

Section: Related Workmentioning

confidence: 99%

Static Detection of DoS Vulnerabilities in Programs that Use Regular Expressions

Wüstholz

Olivo

Heule

et al. 2017

Tools and Algorithms for the Construction and Analysis of Systems

View full text Add to dashboard Cite

In an algorithmic complexity attack, a malicious party takes advantage of the worst-case behavior of an algorithm to cause denial-ofservice. A prominent algorithmic complexity attack is regular expression denial-of-service (ReDoS ), in which the attacker exploits a vulnerable regular expression by providing a carefully-crafted input string that triggers worst-case behavior of the matching algorithm. This paper proposes a technique for automatically finding ReDoS vulnerabilities in programs. Specifically, our approach automatically identifies vulnerable regular expressions in the program and determines whether an "evil" input string can be matched against a vulnerable regular expression. We have implemented our proposed approach in a tool called Rexploiter and found 41 exploitable security vulnerabilities in Java web applications.

show abstract

Section: Related Workmentioning

confidence: 99%

Static Detection of DoS Vulnerabilities in Programs that Use Regular Expressions

Wüstholz

Olivo

Heule

et al. 2017

Tools and Algorithms for the Construction and Analysis of Systems

View full text Add to dashboard Cite

show abstract

“…The information tracked by this analysis is fixed, and it is specific for PHP programs. However, in 2011, they proposed a unifying framework of their previous works, that is, an abstraction lattice, which can be tuned to provide various trade‐offs between precision and performance. The framework is based on the regular abstraction , a relational analysis in which values of string variables are represented as multitrack DFA (each track corresponds to a specific string variable).…”

Section: Related Workmentioning

confidence: 99%

A suite of abstract domains for static analysis of string values

2013

View full text Add to dashboard Cite

Strings are widely used in modern programming languages in various scenarios. For instance, strings are used to build up Structured Query Language (SQL) queries that are then executed. Malformed strings may lead to subtle bugs, as well as non-sanitized strings may raise security issues in an application. For these reasons, the application of static analysis to compute safety properties over string values at compile time is particularly appealing. In this article, we propose a generic approach for the static analysis of string values based on abstract interpretation. In particular, we design a suite of abstract semantics for strings, where each abstract domain tracks a different kind of information. We discuss the trade-off between efficiency and accuracy when using such domains to catch the properties of interest. In this way, the analysis can be tuned at different levels of precision and efficiency, and it can address specific properties. The concrete semantics of these operators is approximated in different ways by the five different abstract domains. In addition, after 30 years of practice with numerical domains, it is clear that a monolithic domain precise on any program and property (e.g., Polyhedra [14]) gives up in terms of efficiency, whereas to achieve scalability, we need specific approximations on a given property (e.g., Pentagons [17]) or class of programs (e.g., ASTRÉE [18]). With this scenario in mind, we develop several domains inside the same framework to tune the analysis at different levels of precision and efficiency with respect to the analyzed class of programs and property. Other abstractions are possible and welcomed, and we expect our framework to be generic enough to support them.This article ‡ is structured as follows. In the rest of this section, we introduce two running examples, and we recall some basic concepts of abstract interpretation. Section 2 defines the syntax of the string operators that we will consider in the rest of the article. Section 3 introduces their concrete semantics, whereas in Section 4, the five abstract domains and the core of this work are formalized and are used to analyze the running examples. In Section 5, more experimental results are presented. Finally, Section 6 discusses the related work, and Section 7 concludes. Running examplesThroughout all the article, we will always refer to the two examples reported in Figures 1(a) and 1(b).The first Java program, prog1, is taken from [7], and it dynamically builds an SQL query by concatenating several strings. One of these concatenations applies only if a given input value, unknown at compile time, is not null. We are interested in checking if the SQL query resulting by ‡ The article is a fully revised and extended version of [19]

show abstract

“…These investigations have the capability of uncovering vulnerabilities, a large portion of them [9], [10], [11], [12], [13], [14], [15], [16] can't solidly reason about the string and non-string parts of an application and numerous need way affectability, though RCE assaults oblige fulfilling interesting way conditions, including both strings and non-strings. As of late, scientists have proposed methods that can display both strings and non-strings in dynamic typical execution of web applications [17], [18] [19].…”

Section: Introductionmentioning

confidence: 99%

Attack Detection and Security in Remote Code Execution

Sharma¹,

Tomar²

2015

IJCA

View full text Add to dashboard Cite

The communication system today mostly relies on the World Wide Web. It is also the most convenient way and easier accessing to both the parties within few seconds. This is the one phase which is the brightest way of remote communication the other phase is the data is on the risk. Because the attackers are waiting for the code execution and by the several means the data might be attacked. So attack detection and considering security is the major concern now days. In this paper we have implemented an advanced security system by using advanced Rivest Cipher (RC) mechanism. A detection mechanism with the help of bengin tag is also implemented to achieve the malicious detection. There is a provision of data existence check also so that the data will be identified timely. The results shown by our methodology have the improving detection approach in terms of security and data existence. For this JSP and HTML based framework are used.

show abstract

String Abstractions for String Verification

Cited by 16 publications

References 23 publications

Static Detection of DoS Vulnerabilities in Programs that Use Regular Expressions

Static Detection of DoS Vulnerabilities in Programs that Use Regular Expressions

A suite of abstract domains for static analysis of string values

Attack Detection and Security in Remote Code Execution

Contact Info

Product

Resources

About