String Analysis for Software Verification and Security

Nonfiction, Computers, Networking & Communications, Computer Security, Operating Systems, Application Software
Cover of the book String Analysis for Software Verification and Security by Tevfik Bultan, Fang Yu, Muath Alkhalaf, Abdulbaki Aydin, Springer International Publishing
View on Amazon View on AbeBooks View on Kobo View on B.Depository View on eBay View on Walmart
Author: Tevfik Bultan, Fang Yu, Muath Alkhalaf, Abdulbaki Aydin ISBN: 9783319686707
Publisher: Springer International Publishing Publication: January 4, 2018
Imprint: Springer Language: English
Author: Tevfik Bultan, Fang Yu, Muath Alkhalaf, Abdulbaki Aydin
ISBN: 9783319686707
Publisher: Springer International Publishing
Publication: January 4, 2018
Imprint: Springer
Language: English

This book discusses automated string-analysis techniques, focusing particularly on automata-based static string analysis. It covers the following topics: automata-bases string analysis, computing pre and post-conditions of basic string operations using automata, symbolic representation of automata, forward and backward string analysis using symbolic automata representation, constraint-based string analysis, string constraint solvers, relational string analysis, vulnerability detection using string analysis, string abstractions, differential string analysis, and automated sanitization synthesis using string analysis.

String manipulation is a crucial part of modern software systems; for example, it is used extensively in input validation and sanitization and in dynamic code and query generation. The goal of string-analysis techniques and this book is to determine the set of values that string expressions can take during program execution. String analysis can be used to solve many problems in modern software systems that relate to string manipulation, such as: (1) Identifying security vulnerabilities by checking if a security sensitive function can receive an input string that contains an exploit; (2) Identifying possible behaviors of a program by identifying possible values for dynamically generated code; (3) Identifying html generation errors by computing the html code generated by web applications; (4) Identifying the set of queries that are sent to back-end database by analyzing the code that generates the SQL queries; (5) Patching input validation and sanitization functions by automatically synthesizing repairs illustrated in this book.

Like many other program-analysis problems, it is not possible to solve the string analysis problem precisely (i.e., it is not possible to precisely determine the set of string values that can reach a program point). However, one can compute over- or under-approximations of possible string values. If the approximations are precise enough, they can enable developers to demonstrate existence or absence of bugs in string manipulating code. String analysis has been an active research area in the last decade, resulting in a wide variety of string-analysis techniques.

This book will primarily target researchers and professionals working in computer security, software verification, formal methods, software engineering and program analysis. Advanced level students or instructors teaching or studying courses in computer security, software verification or program analysis will find this book useful as a secondary text. 

View on Amazon View on AbeBooks View on Kobo View on B.Depository View on eBay View on Walmart

This book discusses automated string-analysis techniques, focusing particularly on automata-based static string analysis. It covers the following topics: automata-bases string analysis, computing pre and post-conditions of basic string operations using automata, symbolic representation of automata, forward and backward string analysis using symbolic automata representation, constraint-based string analysis, string constraint solvers, relational string analysis, vulnerability detection using string analysis, string abstractions, differential string analysis, and automated sanitization synthesis using string analysis.

String manipulation is a crucial part of modern software systems; for example, it is used extensively in input validation and sanitization and in dynamic code and query generation. The goal of string-analysis techniques and this book is to determine the set of values that string expressions can take during program execution. String analysis can be used to solve many problems in modern software systems that relate to string manipulation, such as: (1) Identifying security vulnerabilities by checking if a security sensitive function can receive an input string that contains an exploit; (2) Identifying possible behaviors of a program by identifying possible values for dynamically generated code; (3) Identifying html generation errors by computing the html code generated by web applications; (4) Identifying the set of queries that are sent to back-end database by analyzing the code that generates the SQL queries; (5) Patching input validation and sanitization functions by automatically synthesizing repairs illustrated in this book.

Like many other program-analysis problems, it is not possible to solve the string analysis problem precisely (i.e., it is not possible to precisely determine the set of string values that can reach a program point). However, one can compute over- or under-approximations of possible string values. If the approximations are precise enough, they can enable developers to demonstrate existence or absence of bugs in string manipulating code. String analysis has been an active research area in the last decade, resulting in a wide variety of string-analysis techniques.

This book will primarily target researchers and professionals working in computer security, software verification, formal methods, software engineering and program analysis. Advanced level students or instructors teaching or studying courses in computer security, software verification or program analysis will find this book useful as a secondary text. 

More books from Springer International Publishing

Cover of the book Asteroseismology and Exoplanets: Listening to the Stars and Searching for New Worlds by Tevfik Bultan, Fang Yu, Muath Alkhalaf, Abdulbaki Aydin
Cover of the book Regional Integration in the Global South by Tevfik Bultan, Fang Yu, Muath Alkhalaf, Abdulbaki Aydin
Cover of the book Contemporary Operations and Logistics by Tevfik Bultan, Fang Yu, Muath Alkhalaf, Abdulbaki Aydin
Cover of the book Work and Family Interface in the International Career Context by Tevfik Bultan, Fang Yu, Muath Alkhalaf, Abdulbaki Aydin
Cover of the book Gendered Citizenship by Tevfik Bultan, Fang Yu, Muath Alkhalaf, Abdulbaki Aydin
Cover of the book Pocket Book for Simulation Debriefing in Healthcare by Tevfik Bultan, Fang Yu, Muath Alkhalaf, Abdulbaki Aydin
Cover of the book Graph Drawing and Network Visualization by Tevfik Bultan, Fang Yu, Muath Alkhalaf, Abdulbaki Aydin
Cover of the book Handbook of the Sociology of the Military by Tevfik Bultan, Fang Yu, Muath Alkhalaf, Abdulbaki Aydin
Cover of the book Particle Interactions in High-Temperature Plasmas by Tevfik Bultan, Fang Yu, Muath Alkhalaf, Abdulbaki Aydin
Cover of the book Nanostructured Lead, Cadmium, and Silver Sulfides by Tevfik Bultan, Fang Yu, Muath Alkhalaf, Abdulbaki Aydin
Cover of the book Intraplate Magmatism and Metallogeny of North Vietnam by Tevfik Bultan, Fang Yu, Muath Alkhalaf, Abdulbaki Aydin
Cover of the book Reforming the Art of Living by Tevfik Bultan, Fang Yu, Muath Alkhalaf, Abdulbaki Aydin
Cover of the book Systems Thinking for School Leaders by Tevfik Bultan, Fang Yu, Muath Alkhalaf, Abdulbaki Aydin
Cover of the book The Fantasy of Individuality by Tevfik Bultan, Fang Yu, Muath Alkhalaf, Abdulbaki Aydin
Cover of the book Families and Transition to School by Tevfik Bultan, Fang Yu, Muath Alkhalaf, Abdulbaki Aydin
We use our own "cookies" and third party cookies to improve services and to see statistical information. By using this website, you agree to our Privacy Policy