English  |  正體中文  |  简体中文  |  Post-Print筆數 : 27 |  Items with full text/Total items : 95844/126434 (76%)
Visitors : 31593292      Online Users : 406
RC Version 6.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.
Scope Tips:
  • please add "double quotation mark" for query phrases to get precise results
  • please goto advance search for comprehansive author search
  • Adv. Search
    HomeLoginUploadHelpAboutAdminister Goto mobile version
    政大機構典藏 > 商學院 > 資訊管理學系 > 會議論文 >  Item 140.119/112484
    Please use this identifier to cite or link to this item: http://nccur.lib.nccu.edu.tw/handle/140.119/112484

    Title: String analysis via automata manipulation with logic circuit representation
    Authors: 郁方
    Wang, Hung En
    Tsai, Tzung Lin
    Lin, Chun Han
    Yu, Fang
    Jiang, Jie-Hong Roland
    Contributors: 資管系
    Keywords: Computer aided analysis;Firmware;Formal logic;Hardware;Logic circuits;Reconfigurable hardware;World Wide Web;Attack patterns;Constraint Solving;Empirical studies;Hardware implementations;Satisfiability;Security vulnerabilities;String analysis;WEB application;Computer circuits
    Date: 2016
    Issue Date: 2017-09-01 10:05:53 (UTC+8)
    Abstract: Many severe security vulnerabilities in web applications can be attributed to string manipulation mistakes, which can often be avoided through formal string analysis. String analysis tools are indispensable and under active development. Prior string analysis methods are primarily automata-based or satisfiability-based. The two approaches exhibit distinct strengths and weaknesses. Specifically, existing automata-based methods have difficulty in generating counterexamples at system inputs to witness vulnerability, whereas satisfiability-based methods are inadequate to produce filters amenable for firmware or hardware implementation for real-time screening of malicious inputs to a system under protection. In this paper, we propose a new string analysis method based on a scalable logic circuit representation for (nondeterministic) finite automata to support various string and automata manipulation operations. It enables both counterexample generation and filter synthesis in string constraint solving. By using the new data structure, automata with large state spaces and/or alphabet sizes can be efficiently represented. Empirical studies on a large set of open source web applications and well-known attack patterns demonstrate the unique benefits of our method compared to prior string analysis tools.
    Relation: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 9779, 241-260
    Data Type: conference
    DOI 連結: http://dx.doi.org/10.1007/978-3-319-41528-4_13
    DOI: 10.1007/978-3-319-41528-4_13
    Appears in Collections:[資訊管理學系] 會議論文

    Files in This Item:

    File SizeFormat
    241.pdf18721KbAdobe PDF217View/Open

    All items in 政大典藏 are protected by copyright, with all rights reserved.

    社群 sharing

    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library IR team Copyright ©   - Feedback