Mon 13 Jun 2016 15:30 - 17:00 at Santa Cruz East - String Analysis for Vulnerability Detection and Repair
The goal of string analysis techniques is to determine the set of values that string expressions can take during program execution. Like many other program analysis problems, it is not possible to precisely determine the set of string values that can reach a program point. However, one can compute over or under-approximations of possible string values. If the approximations are precise enough, they can enable analyzers to demonstrate existence or non-existence of bugs in string manipulating code. Analyzing string manipulating code is a of interest to many areas of current research in programming languages community since string manipulation is a crucial part of modern software systems. For example string manipulation is extensively used in input validation and sanitization and in dynamic code and query generation.
String analysis has been an active research area in the last decade, resulting in a wide variety of string analysis techniques. In this tutorial, we will discuss automated string analysis techniques, focusing particularly on automata-based static string analysis. Topics we plan to discuss include symbolic string analysis, string constraint solving, symbolic execution using string constraints, automated repair for string manipulating code, and model counting for string constraints for side channel analysis.
Conference DayMon 13 JunDisplayed time zone: Tijuana, Baja California change
13:30 - 15:00
|String Analysis for Vulnerability Detection and Repair|