String analysis for software verification and security /

String analysis for software verification and security /

Saved in:
Bibliographic Details
Author / Creator:Bultan, Tevfik, author.
Imprint:Cham, Switzerland : Springer, [2017]
©2017
Description:1 online resource
Language:English
Subject:
Computer software -- Verification.
Computer software -- Verification.
Format: E-Resource Book
URL for this record:http://pi.lib.uchicago.edu/1001/cat/bib/11451864
Hidden Bibliographic Details
Other authors / contributors:Yu, Fang, author.
Alkhalaf, Muath Abdullah, author.
Aydin, Abdulbaki, author.
ISBN:9783319686707
3319686704
3319686682
9783319686684
9783319686684
Digital file characteristics:text file PDF
Notes:Online resource; title from PDF title page (EBSCO, viewed January 12, 2018).
Includes bibliographical references.
Summary:"This book discusses automated string-analysis techniques, focusing particularly on automata-based static string analysis. It covers the following topics: automata-bases string analysis, computing pre and post-conditions of basic string operations using automata, symbolic representation of automata, forward and backward string analysis using symbolic automata representation, constraint-based string analysis, string constraint solvers, relational string analysis, vulnerability detection using string analysis, string abstractions, differential string analysis, and automated sanitization synthesis using string analysis. String manipulation is a crucial part of modern software systems; for example, it is used extensively in input validation and sanitization and in dynamic code and query generation. The goal of string-analysis techniques and this book is to determine the set of values that string expressions can take during program execution. String analysis can be used to solve many problems in modern software systems that relate to string manipulation, such as: (1) Identifying security vulnerabilities by checking if a security sensitive function can receive an input string that contains an exploit; (2) Identifying possible behaviors of a program by identifying possible values for dynamically generated code; (3) Identifying html generation errors by computing the html code generated by web applications; (4) Identifying the set of queries that are sent to back-end database by analyzing the code that generates the SQL queries; (5) Patching input validation and sanitization functions by automatically synthesizing repairs illustrated in this book. Like many other program-analysis problems, it is not possible to solve the string analysis problem precisely (i.e., it is not possible to precisely determine the set of string values that can reach a program point). However, one can compute over- or under-approximations of possible string values. If the approximations are precise enough, they can enable developers to demonstrate existence or absence of bugs in string manipulating code. String analysis has been an active research area in the last decade, resulting in a wide variety of string-analysis techniques. This book will primarily target researchers and professionals working in computer security, software verification, formal methods, software engineering and program analysis. Advanced level students or instructors teaching or studying courses in computer security, software verification or program analysis will find this book useful as a secondary text."--
Other form:Printed edition: 9783319686684
Standard no.:10.1007/978-3-319-68670-7

MARC

LEADER 00000cam a2200000Ii 4500
001 11451864
006 m o d
007 cr cnu|||unuuu
008 180108s2017 sz ob 001 0 eng d
005 20240701203241.1
015 |a GBB8N8480  |2 bnb 
016 7 |a 019168923  |2 Uk 
019 |a 1021195351  |a 1048115718  |a 1058693217  |a 1058904932  |a 1066646085  |a 1097056122 
020 |a 9783319686707  |q (electronic bk.) 
020 |a 3319686704  |q (electronic bk.) 
020 |a 3319686682 
020 |a 9783319686684 
020 |z 9783319686684 
024 7 |a 10.1007/978-3-319-68670-7  |2 doi 
035 |a (OCoLC)1018307742  |z (OCoLC)1021195351  |z (OCoLC)1048115718  |z (OCoLC)1058693217  |z (OCoLC)1058904932  |z (OCoLC)1066646085  |z (OCoLC)1097056122 
035 9 |a (OCLCCM-CC)1018307742 
037 |a com.springer.onix.9783319686707  |b Springer Nature 
040 |a N$T  |b eng  |e rda  |e pn  |c N$T  |d N$T  |d GW5XE  |d AZU  |d OCLCF  |d OCLCQ  |d UAB  |d MERER  |d IOG  |d OCLCQ  |d COO  |d OCLCQ  |d OHI  |d KSU  |d VT2  |d U3W  |d OCLCQ  |d ESU  |d WYU  |d UWO  |d LVT  |d OCLCQ  |d UKMGB  |d CAUOI  |d AUD  |d UX1  |d OCLCQ  |d OCLCO  |d OCLCQ 
049 |a MAIN 
050 4 |a QA76.76.V47 
072 7 |a COM  |x 051330  |2 bisacsh 
072 7 |a UR  |2 bicssc 
072 7 |a UTN  |2 bicssc 
100 1 |a Bultan, Tevfik,  |e author.  |0 http://id.loc.gov/authorities/names/no2008117389 
245 1 0 |a String analysis for software verification and security /  |c Tevfik Bultan, Fang Yu, Muath Alkhalaf, Abdulbaki Aydin. 
264 1 |a Cham, Switzerland :  |b Springer,  |c [2017] 
264 4 |c ©2017 
300 |a 1 online resource 
336 |a text  |b txt  |2 rdacontent 
337 |a computer  |b c  |2 rdamedia 
338 |a online resource  |b cr  |2 rdacarrier 
347 |a text file  |b PDF  |2 rda 
500 |a Online resource; title from PDF title page (EBSCO, viewed January 12, 2018). 
504 |a Includes bibliographical references. 
520 |a "This book discusses automated string-analysis techniques, focusing particularly on automata-based static string analysis. It covers the following topics: automata-bases string analysis, computing pre and post-conditions of basic string operations using automata, symbolic representation of automata, forward and backward string analysis using symbolic automata representation, constraint-based string analysis, string constraint solvers, relational string analysis, vulnerability detection using string analysis, string abstractions, differential string analysis, and automated sanitization synthesis using string analysis. String manipulation is a crucial part of modern software systems; for example, it is used extensively in input validation and sanitization and in dynamic code and query generation. The goal of string-analysis techniques and this book is to determine the set of values that string expressions can take during program execution. String analysis can be used to solve many problems in modern software systems that relate to string manipulation, such as: (1) Identifying security vulnerabilities by checking if a security sensitive function can receive an input string that contains an exploit; (2) Identifying possible behaviors of a program by identifying possible values for dynamically generated code; (3) Identifying html generation errors by computing the html code generated by web applications; (4) Identifying the set of queries that are sent to back-end database by analyzing the code that generates the SQL queries; (5) Patching input validation and sanitization functions by automatically synthesizing repairs illustrated in this book. Like many other program-analysis problems, it is not possible to solve the string analysis problem precisely (i.e., it is not possible to precisely determine the set of string values that can reach a program point). However, one can compute over- or under-approximations of possible string values. If the approximations are precise enough, they can enable developers to demonstrate existence or absence of bugs in string manipulating code. String analysis has been an active research area in the last decade, resulting in a wide variety of string-analysis techniques. This book will primarily target researchers and professionals working in computer security, software verification, formal methods, software engineering and program analysis. Advanced level students or instructors teaching or studying courses in computer security, software verification or program analysis will find this book useful as a secondary text."--  |c Provided by publisher. 
505 0 |a 1 Introduction: String Manipulating Programs and Difficulty of Their Analysis -- 2 String Manipulating Programs and Difficulty of Their Analysis -- 3 State Space Exploration -- 4 Automata Based String Analysis -- 5 Relational String Analysis -- 6 Abstraction and Approximation -- 7 Constraint-based String Analysis -- 8 Vulnerability Detection and Sanitization Synthesis -- 9 Differential String Analysis and Repair -- 10 Tools -- 11 A Brief Survey of Related Work -- 12 Conclusions. 
650 0 |a Computer software  |x Verification.  |0 http://id.loc.gov/authorities/subjects/sh85029537 
650 7 |a COMPUTERS  |x Software Development & Engineering  |x Quality Assurance & Testing.  |2 bisacsh 
650 7 |a Programming & scripting languages: general.  |2 bicssc 
650 7 |a Software Engineering.  |2 bicssc 
650 7 |a Computer programming  |x software development.  |2 bicssc 
650 7 |a Mathematical theory of computation.  |2 bicssc 
650 7 |a Maths for computer scientists.  |2 bicssc 
650 7 |a Computer security.  |2 bicssc 
650 7 |a Computer software  |x Verification.  |2 fast  |0 (OCoLC)fst00872604 
655 4 |a Electronic books 
700 1 |a Yu, Fang,  |e author. 
700 1 |a Alkhalaf, Muath Abdullah,  |e author.  |0 http://id.loc.gov/authorities/names/no2016082173 
700 1 |a Aydin, Abdulbaki,  |e author. 
776 0 8 |i Printed edition:  |z 9783319686684 
903 |a HeVa 
929 |a oclccm 
999 f f |i e6ccb065-4a25-59cf-9c47-c651b58f1406  |s bc328cbc-3420-59ce-bd56-61cf5de675dc 
928 |t Library of Congress classification  |a QA76.76.V47  |l Online  |c UC-FullText  |u https://link.springer.com/10.1007/978-3-319-68670-7  |z Springer Nature  |g ebooks  |i 12552014 

Similar Items