Sciweavers

Share
POPL
2016
ACM

String solving with word equations and transducers: towards a logic for analysing mutation XSS

3 years 6 months ago
String solving with word equations and transducers: towards a logic for analysing mutation XSS
We study the fundamental issue of decidability of satisfiability over string logics with concatenations and finite-state transducers as atomic operations. Although restricting to one type of operations yields decidability, little is known about the decidability of their combined theory, which is especially relevant when analysing security vulnerabilities of dynamic web pages in a more realistic browser model. On the one hand, word equations (string logic with concatenations) cannot precisely capture sanitisation functions (e.g. htmlescape) and implicit browser transductions (e.g. innerHTML mutations). On the other hand, transducers suffer from the reverse problem of being able to model sanitisation functions and browser transductions, but not string concatenations. Naively combining word equations and transducers easily leads to an undecidable logic. Our main contribution is to show that the “straightline fragment” of the logic is decidable (complexity ranges from PSPACE to EXPS...
Anthony Widjaja Lin, Pablo Barceló
Added 09 Apr 2016
Updated 09 Apr 2016
Type Journal
Year 2016
Where POPL
Authors Anthony Widjaja Lin, Pablo Barceló
Comments (0)
books