政大機構典藏-National Chengchi University Institutional Repository(NCCUR):Item 140.119/112484

English | 正體中文 | 简体中文 | Post-Print筆數 : 27 | Items with full text/Total items : 109953/140892 (78%)
Visitors : 46222283 Online Users : 530

RC Version 6.0 © Powered By DSPACE, MIT. Enhanced by NTU Library IR team.

Scope

please add "double quotation mark" for query phrases to get precise results

please goto advance search for comprehansive author search

Adv. Search

Home ‧ Login ‧ Upload ‧ Help ‧ About ‧ Administer

Goto mobile version

政大機構典藏 > 商學院 > 資訊管理學系 > 會議論文 > Item 140.119/112484

Please use this identifier to cite or link to this item: https://nccur.lib.nccu.edu.tw/handle/140.119/112484

Title:	String analysis via automata manipulation with logic circuit representation
Authors:	郁方 Wang, Hung En Tsai, Tzung Lin Lin, Chun Han Yu, Fang Jiang, Jie-Hong Roland
Contributors:	資管系
Keywords:	Computer aided analysis;Firmware;Formal logic;Hardware;Logic circuits;Reconfigurable hardware;World Wide Web;Attack patterns;Constraint Solving;Empirical studies;Hardware implementations;Satisfiability;Security vulnerabilities;String analysis;WEB application;Computer circuits
Date:	2016
Issue Date:	2017-09-01 10:05:53 (UTC+8)
Abstract:	Many severe security vulnerabilities in web applications can be attributed to string manipulation mistakes, which can often be avoided through formal string analysis. String analysis tools are indispensable and under active development. Prior string analysis methods are primarily automata-based or satisfiability-based. The two approaches exhibit distinct strengths and weaknesses. Specifically, existing automata-based methods have difficulty in generating counterexamples at system inputs to witness vulnerability, whereas satisfiability-based methods are inadequate to produce filters amenable for firmware or hardware implementation for real-time screening of malicious inputs to a system under protection. In this paper, we propose a new string analysis method based on a scalable logic circuit representation for (nondeterministic) finite automata to support various string and automata manipulation operations. It enables both counterexample generation and filter synthesis in string constraint solving. By using the new data structure, automata with large state spaces and/or alphabet sizes can be efficiently represented. Empirical studies on a large set of open source web applications and well-known attack patterns demonstrate the unique benefits of our method compared to prior string analysis tools.
Relation:	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 9779, 241-260
Data Type:	conference
DOI 連結:	http://dx.doi.org/10.1007/978-3-319-41528-4_13
DOI:	10.1007/978-3-319-41528-4_13
Appears in Collections:	[資訊管理學系] 會議論文

Files in This Item:

File	Size	Format
241.pdf	18721Kb	Adobe PDF2	367	View/Open

All items in 政大典藏 are protected by copyright, with all rights reserved.

社群 sharing

著作權政策宣告 Copyright Announcement

1.本網站之數位內容為國立政治大學所收錄之機構典藏，無償提供學術研究與公眾教育等公益性使用，惟仍請適度，合理使用本網站之內容，以尊重著作權人之權益。商業上之利用，則請先取得著作權人之授權。
The digital content of this website is part of National Chengchi University Institutional Repository. It provides free access to academic research and public education for non-commercial use. Please utilize it in a proper and reasonable manner and respect the rights of copyright owners. For commercial use, please obtain authorization from the copyright owner in advance.

2.本網站之製作，已盡力防止侵害著作權人之權益，如仍發現本網站之數位內容有侵害著作權人權益情事者，請權利人通知本網站維護人員(nccur@nccu.edu.tw)，維護人員將立即採取移除該數位著作等補救措施。
NCCU Institutional Repository is made to protect the interests of copyright owners. If you believe that any material on the website infringes copyright, please contact our staff(nccur@nccu.edu.tw). We will remove the work from the repository and investigate your claim.

DSpace Software Copyright © 2002-2004 MIT & Hewlett-Packard / Enhanced by NTU Library IR team Copyright © - Feedback