Most common vulnerabilities in modern software applications are due to errors in string manipulation code. String constraint solvers are essential components of program analysis techniques for detecting and repairing vulnerabilities that are due to string manipulation errors. In this dissertation, we present an automata-based string constraint solver for vulnerability analysis of string manipulating programs.Given a string constraint, we generate an automaton that accepts all solutions that satisfy the constraint. Our string constraint solver can also map linear arithmetic constraints to automata in order to handle constraints on string lengths. By integrating our string constraint solver to a symbolic execution tool, we can check for st...
Abstract. There has been significant recent interest in automated rea-soning techniques, in particul...
String constraint solving is an important emerging field, given the ubiquity of strings over differe...
Web applications are exposed to myriad security vulnerabilities related to malicious user string inp...
Abstract. Most common vulnerabilities in Web applications are due to string manipulation errors in i...
Verifying string manipulating programs is a crucial problem in computer security. String operations ...
As an important extension of symbolic execution (SE), probabilistic symbolic execution (PSE) compute...
Software testing is an integral part of the software development process. To test certain parts of s...
Model counting is the problem of determining the number of so-lutions that satisfy a given set of co...
Motivated by the vulnerability analysis of web programs which work on string inputs, we present S3, ...
Abstract. We present an automata-based approach for the verification of string operations in PHP pro...
String analysis is the problem of reasoning about how strings are manipulated by a program. It has n...
Symbolic execution [4] is a popular program analysis technique which executes programs on unspecifie...
peer reviewedConstraint solving is an essential technique for detecting vulnerabilities in programs,...
Bugs in user input sanitation of software systems often lead to vulnerabilities. Among them many are...
Probabilistic Symbolic Execution (PSE) extends Symbolic Execution (SE), a path-sensitive static prog...
Abstract. There has been significant recent interest in automated rea-soning techniques, in particul...
String constraint solving is an important emerging field, given the ubiquity of strings over differe...
Web applications are exposed to myriad security vulnerabilities related to malicious user string inp...
Abstract. Most common vulnerabilities in Web applications are due to string manipulation errors in i...
Verifying string manipulating programs is a crucial problem in computer security. String operations ...
As an important extension of symbolic execution (SE), probabilistic symbolic execution (PSE) compute...
Software testing is an integral part of the software development process. To test certain parts of s...
Model counting is the problem of determining the number of so-lutions that satisfy a given set of co...
Motivated by the vulnerability analysis of web programs which work on string inputs, we present S3, ...
Abstract. We present an automata-based approach for the verification of string operations in PHP pro...
String analysis is the problem of reasoning about how strings are manipulated by a program. It has n...
Symbolic execution [4] is a popular program analysis technique which executes programs on unspecifie...
peer reviewedConstraint solving is an essential technique for detecting vulnerabilities in programs,...
Bugs in user input sanitation of software systems often lead to vulnerabilities. Among them many are...
Probabilistic Symbolic Execution (PSE) extends Symbolic Execution (SE), a path-sensitive static prog...
Abstract. There has been significant recent interest in automated rea-soning techniques, in particul...
String constraint solving is an important emerging field, given the ubiquity of strings over differe...
Web applications are exposed to myriad security vulnerabilities related to malicious user string inp...