| dc.contributor | 資訊管理學系 | |
| dc.creator (作者) | Yu, Fang;Alkhalaf, Muath;Bultan, Tevfik | |
| dc.creator (作者) | 郁方 | zh_TW |
| dc.date (日期) | 2011-05 | |
| dc.date.accessioned | 27-Aug-2015 17:34:57 (UTC+8) | - |
| dc.date.available | 27-Aug-2015 17:34:57 (UTC+8) | - |
| dc.date.issued (上傳時間) | 27-Aug-2015 17:34:57 (UTC+8) | - |
| dc.identifier.uri (URI) | http://nccur.lib.nccu.edu.tw/handle/140.119/78009 | - |
| dc.description.abstract (摘要) | We present automata-based static string analysis techniques that automatically generate sanitization statements for patching vulnerable web applications. Our approach consists of three phases: Given an attack pattern we first conduct a vulnerability analysis to identify if strings that match the attack pattern can reach the security-sensitive functions. Next, we compute vulnerability signatures that characterize all input strings that can exploit the discovered vulnerability. Given the vulnerability signatures, we then construct sanitization statements that 1) check if a given input matches the vulnerability signature and 2) modify the input in a minimal way so that the modified input does not match the vulnerability signature. Our approach is capable of generating relational vulnerability signatures (and corresponding sanitization statements) for vulnerabilities that are due to more than one input. | |
| dc.format.extent | 1021848 bytes | - |
| dc.format.mimetype | application/pdf | - |
| dc.relation (關聯) | ICSE `11 Proceedings of the 33rd International Conference on Software Engineering,251-260 | |
| dc.subject (關鍵詞) | Sanitization Synthesis;String Analysis;Automata | |
| dc.title (題名) | Patching vulnerabilities with sanitization synthesis | |
| dc.type (資料類型) | conference | en |
| dc.identifier.doi (DOI) | 10.1145/1985793.1985828 | |
| dc.doi.uri (DOI) | http://dx.doi.org/10.1145/1985793.1985828 | |
