Symbolic String Verification: An Automata-Based Approach

Yu, Fang; Bultan, Tevfik; Cova, Marco; Ibarra, Óscar H.

doi:10.1007/978-3-540-85114-1_21

Cited by 69 publications

(88 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…DFA based symbolic string analysis has been used to verify the correctness of string sanitization operations in PHP programs [23], [22]. Recently, foundations of relational string analysis using multi-track automata (as opposed to single-track automata used in our analysis) were investigated in [24].…”

Section: Related Workmentioning

confidence: 99%

“…• concat(exp1, exp2): Here we compute the concatenation of the regular languages resulting from evaluating exp1 and exp2 and return it as the result (using the symbolic DFA concatenation operation discussed in [23] Conditional Statement: This type of statement represents the branch conditions in a number of language constructs in JavaScript including if statement, for loop, while loop and do while loop. Conditional statement consists of a predicate on variables and constants.…”

mentioning

confidence: 99%

See 1 more Smart Citation

Verifying client-side input validation functions using string analysis

Alkhalaf¹,

Bultan²,

Gallegos³

2012

2012 34th International Conference on Software Engineering (ICSE)

Self Cite

View full text Add to dashboard Cite

Abstract-Client-side computation in web applications is becoming increasingly common due to the popularity of powerful client-side programming languages such as JavaScript. Clientside computation is commonly used to improve an application's responsiveness by validating user inputs before they are sent to the server. In this paper, we present an analysis technique for checking if a client-side input validation function conforms to a given policy. In our approach, input validation policies are expressed using two regular expressions, one specifying the maximum policy (the upper bound for the set of inputs that should be allowed) and the other specifying the minimum policy (the lower bound for the set of inputs that should be allowed). Using our analysis we can identify two types of errors 1) the input validation function accepts an input that is not permitted by the maximum policy, or 2) the input validation function rejects an input that is permitted by the minimum policy. We implemented our analysis using dynamic slicing to automatically extract the input validation functions from web applications and using automata-based string analysis to analyze the extracted functions. Our experiments demonstrate that our approach is effective in finding errors in input validation functions that we collected from real-world applications and from tutorials and books for teaching JavaScript.

show abstract

Section: Related Workmentioning

confidence: 99%

mentioning

confidence: 99%

Verifying client-side input validation functions using string analysis

Alkhalaf¹,

Bultan²,

Gallegos³

2012

2012 34th International Conference on Software Engineering (ICSE)

Self Cite

View full text Add to dashboard Cite

show abstract

“…A more recent work was developed by Yu et al [24]. It presented an automatabased approach for the verification of string operations in PHP programs.…”

Section: Related Workmentioning

confidence: 99%

“…On the other hand, the stateof-the-art in this field is still limited: approaches that rely on automata and use regular expressions are precise but slow, and they do not scale up [14,24,21,13], while many other approaches are focused on particular properties or class of programs [10,18,12]. Genericity and scalability are the main advantages of the abstract interpretation approach [4,5], though its instantiation to textual values has been quite limited up to now.…”

Section: Introductionmentioning

confidence: 99%

Static Analysis of String Values

Costantini

Ferrara

Cortesi

2011

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…All statements are labeled. We only consider one string operation (concatenation) in our formal model; however, our symbolic string analysis techniques can be extended to handle complex string operations (such as replacement [14]). Function calls use call-by-value parameter passing.…”

Section: String Systemsmentioning

confidence: 99%

Relational String Verification Using Multi-track Automata

Bultan

Ibarra

2011

Implementation and Application of Automata

Self Cite

View full text Add to dashboard Cite

Abstract. Verification of string manipulation operations is a crucial problem in computer security. In this paper, we present a new relational string verification technique based on multi-track automata. Our approach is capable of verifying properties that depend on relations among string variables. This enables us to prove that vulnerabilities that result from improper string manipulation do not exist in a given program. Our main contributions in this paper can be summarized as follows: (1) We formally characterize the string verification problem as the reachability analysis of string systems and show decidability/undecidability results for several string analysis problems. (2) We develop a sound symbolic analysis technique for string verification that over-approximates the reachable states of a given string system using multi-track automata and summarization. (3) We evaluate the presented techniques with respect to several string analysis benchmarks extracted from real web applications.

show abstract

Symbolic String Verification: An Automata-Based Approach

Cited by 69 publications

References 19 publications

Verifying client-side input validation functions using string analysis

Verifying client-side input validation functions using string analysis

Static Analysis of String Values

Relational String Verification Using Multi-track Automata

Contact Info

Product

Resources

About