Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
SEKE
2010
Springer
2010
Springer
A String Constraint Solver for Detecting Web Application Vulnerability
Given the bytecode of a software system, is it possible to automatically generate attack signatures that reveal its vulnerabilities? A natural solution would be symbolically executing the target system and constructing constraints for matching path conditions and attack patterns. Clearly, the constraint solving technique is the key to the above research. This paper presents Simple Linear String Equation (SISE), a formalism for specifying constraints on strings. SISE uses finite state transducers to precisely model various regular replacement operations, which makes it applicable for analyzing text processing programs such as web applications. We present a recursive algorithm that computes the solution pool of a SISE. Given the solution pool, a concrete variable solution can be generated. The algorithm is implemented in a Java constraint solver called SUSHI, which is applied to security analysis of web applications.
Real-time TrafficRelated Content
| Added | 30 Jan 2011 |
| Updated | 30 Jan 2011 |
| Type | Journal |
| Year | 2010 |
| Where | SEKE |
| Authors | Xiang Fu, Chung-Chih Li |
Comments (0)
Researcher Info
|
