dc.contributor | Department of Management Information Systems | |
dc.creator (Author) | 郁方 | zh_TW |
dc.creator (Author) | Wang, Hung En | en_US |
dc.creator (Author) | Tsai, Tzung Lin | en_US |
dc.creator (Author) | Lin, Chun Han | en_US |
dc.creator (Author) | Yu, Fang | en_US |
dc.creator (Author) | Jiang, Jie-Hong Roland | en_US |
dc.date (Date) | 2016 | |
dc.date.accessioned | 1-Sep-2017 10:05:53 (UTC+8) | - |
dc.date.available | 1-Sep-2017 10:05:53 (UTC+8) | - |
dc.date.issued (Upload time) | 1-Sep-2017 10:05:53 (UTC+8) | - |
dc.identifier.uri (URI) | http://nccur.lib.nccu.edu.tw/handle/140.119/112484 | - |
dc.description.abstract (Abstract) | Many severe security vulnerabilities in web applications can be attributed to string manipulation mistakes, which can often be avoided through formal string analysis. String analysis tools are indispensable and under active development. Prior string analysis methods are primarily automata-based or satisfiability-based. The two approaches exhibit distinct strengths and weaknesses. Specifically, existing automata-based methods have difficulty in generating counterexamples at system inputs to witness vulnerability, whereas satisfiability-based methods are inadequate to produce filters amenable for firmware or hardware implementation for real-time screening of malicious inputs to a system under protection. In this paper, we propose a new string analysis method based on a scalable logic circuit representation for (nondeterministic) finite automata to support various string and automata manipulation operations. It enables both counterexample generation and filter synthesis in string constraint solving. By using the new data structure, automata with large state spaces and/or alphabet sizes can be efficiently represented. Empirical studies on a large set of open source web applications and well-known attack patterns demonstrate the unique benefits of our method compared to prior string analysis tools. | |
dc.format.extent | 19170337 bytes | - |
dc.format.mimetype | application/pdf | - |
dc.relation (Relation) | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 9779, 241-260 | en_US |
dc.subject (Keywords) | Computer aided analysis; Firmware; Formal logic; Hardware; Logic circuits; Reconfigurable hardware; World Wide Web; Attack patterns; Constraint Solving; Empirical studies; Hardware implementations; Satisfiability; Security vulnerabilities; String analysis; WEB application; Computer circuits | |
dc.title (Title) | String analysis via automata manipulation with logic circuit representation | en_US |
dc.type (Resource type) | conference | |
dc.identifier.doi (DOI) | 10.1007/978-3-319-41528-4_13 | |
dc.doi.uri (DOI) | http://dx.doi.org/10.1007/978-3-319-41528-4_13 | |