Please use this identifier to cite or link to this item:
https://ah.lib.nccu.edu.tw/handle/140.119/78009
DC Field | Value | Language |
---|---|---|
dc.contributor | 資訊管理學系 | |
dc.creator | Yu, Fang;Alkhalaf, Muath;Bultan, Tevfik | |
dc.creator | 郁方 | zh_TW |
dc.date | 2011-05 | |
dc.date.accessioned | 2015-08-27T09:34:57Z | - |
dc.date.available | 2015-08-27T09:34:57Z | - |
dc.date.issued | 2015-08-27T09:34:57Z | - |
dc.identifier.uri | http://nccur.lib.nccu.edu.tw/handle/140.119/78009 | - |
dc.description.abstract | We present automata-based static string analysis techniques that automatically generate sanitization statements for patching vulnerable web applications. Our approach consists of three phases: Given an attack pattern we first conduct a vulnerability analysis to identify if strings that match the attack pattern can reach the security-sensitive functions. Next, we compute vulnerability signatures that characterize all input strings that can exploit the discovered vulnerability. Given the vulnerability signatures, we then construct sanitization statements that 1) check if a given input matches the vulnerability signature and 2) modify the input in a minimal way so that the modified input does not match the vulnerability signature. Our approach is capable of generating relational vulnerability signatures (and corresponding sanitization statements) for vulnerabilities that are due to more than one input. | |
dc.format.extent | 1021848 bytes | - |
dc.format.mimetype | application/pdf | - |
dc.relation | ICSE `11 Proceedings of the 33rd International Conference on Software Engineering,251-260 | |
dc.subject | Sanitization Synthesis;String Analysis;Automata | |
dc.title | Patching vulnerabilities with sanitization synthesis | |
dc.type | conference | en |
dc.identifier.doi | 10.1145/1985793.1985828 | |
dc.doi.uri | http://dx.doi.org/10.1145/1985793.1985828 | |
item.grantfulltext | open | - |
item.cerifentitytype | Publications | - |
item.fulltext | With Fulltext | - |
item.openairecristype | http://purl.org/coar/resource_type/c_18cf | - |
item.openairetype | conference | - |
Appears in Collections: | 會議論文 |
Files in This Item:
File | Description | Size | Format | |
---|---|---|---|---|
251-260.pdf | 997.9 kB | Adobe PDF2 | View/Open |
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.