| dc.contributor | 資管系 | - |
| dc.creator (作者) | Yu, Fang;Bultan, T.;Hardekopf, B. | - |
| dc.creator (作者) | 郁方 | - |
| dc.date (日期) | 2011 | - |
| dc.date.accessioned | 22-Jun-2015 13:20:37 (UTC+8) | - |
| dc.date.available | 22-Jun-2015 13:20:37 (UTC+8) | - |
| dc.date.issued (上傳時間) | 22-Jun-2015 13:20:37 (UTC+8) | - |
| dc.identifier.uri (URI) | http://nccur.lib.nccu.edu.tw/handle/140.119/75982 | - |
| dc.description.abstract (摘要) | Verifying string manipulating programs is a crucial problem in computer security. String operations are used extensively within web applications to manipulate user input, and their erroneous use is the most common cause of security vulnerabilities in web applications. Unfortunately, verifying string manipulating programs is an undecidable problem in general and any approximate string analysis technique has an inherent tension between efficiency and precision. In this paper we present a set of sound abstractions for strings and string operations that allow for both efficient and precise verification of string manipulating programs. Particularly, we are able to verify properties that involve implicit relations among string variables. We first describe an abstraction called regular abstraction which enables us to perform string analysis using multi-track automata as a symbolic representation. We then introduce two other abstractions-alphabet abstraction and relation abstraction-that can be used in combination to tune the analysis precision and efficiency. We show that these abstractions form an abstraction lattice that generalizes the string analysis techniques studied previously in isolation, such as size analysis or non-relational string analysis. Finally, we empirically evaluate the effectiveness of these abstraction techniques with respect to several benchmarks and an open source application, demonstrating that our techniques can improve the performance without loss of accuracy of the analysis when a suitable abstraction class is selected. © 2011 Springer-Verlag. | - |
| dc.format.extent | 176 bytes | - |
| dc.format.mimetype | text/html | - |
| dc.relation (關聯) | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), Volume 6823 LNCS, 2011, Pages 20-37, 18th International SPIN Workshop on Model Checking of Software, SPIN 2011; Snowbird, UT; United States; 14 July 2011 到 15 July 2011; 代碼 85615 | - |
| dc.subject (關鍵詞) | Abstraction class; Abstraction techniques; Loss of accuracy; Open source application; Security vulnerabilities; Size analysis; String analysis; Symbolic representation; User input; WEB application; Benchmarking; Model checking; Security of data; User interfaces; World Wide Web; Abstracting | - |
| dc.title (題名) | String abstractions for string verification | - |
| dc.type (資料類型) | conference | en |
| dc.identifier.doi (DOI) | 10.1007/978-3-642-22306-8_3 | - |
| dc.doi.uri (DOI) | http://dx.doi.org/10.1007/978-3-642-22306-8_3 | - |
