String Analysis for Software Verification and Security
Autor Tevfik Bultan, Fang Yu, Muath Alkhalaf, Abdulbaki Aydinen Limba Engleză Hardback – 30 ian 2018
String manipulation is a crucial part of modern software systems; for example, it is used extensively in input validation and sanitization and in dynamic code and query generation. The goal of string-analysis techniques and this book is to determine the set of values that string expressions can take during program execution. String analysis can be used to solve many problems in modern software systems that relate to string manipulation, such as: (1) Identifying security vulnerabilities by checking if a security sensitive function can receive an input string that contains an exploit; (2) Identifying possible behaviors of a program by identifying possible values for dynamically generated code; (3) Identifying html generation errors by computing the html code generated by web applications; (4) Identifying the set of queries that are sent to back-end database by analyzing the code that generates the SQL queries; (5) Patching input validation and sanitization functions by automatically synthesizing repairs illustrated in this book.
Like many other program-analysis problems, it is not possible to solve the string analysis problem precisely (i.e., it is not possible to precisely determine the set of string values that can reach aprogram point). However, one can compute over- or under-approximations of possible string values. If the approximations are precise enough, they can enable developers to demonstrate existence or absence of bugs in string manipulating code. String analysis has been an active research area in the last decade, resulting in a wide variety of string-analysis techniques.
This book will primarily target researchers and professionals working in computer security, software verification, formal methods, software engineering and program analysis. Advanced level students or instructors teaching or studying courses in computer security, software verification or program analysis will find this book useful as a secondary text.
Toate formatele și edițiile | Preț | Express |
---|---|---|
Paperback (1) | 400.58 lei 6-8 săpt. | |
Springer International Publishing – 6 iun 2019 | 400.58 lei 6-8 săpt. | |
Hardback (1) | 572.49 lei 6-8 săpt. | |
Springer International Publishing – 30 ian 2018 | 572.49 lei 6-8 săpt. |
Preț: 572.49 lei
Preț vechi: 715.62 lei
-20% Nou
Puncte Express: 859
Preț estimativ în valută:
109.55€ • 115.22$ • 91.54£
109.55€ • 115.22$ • 91.54£
Carte tipărită la comandă
Livrare economică 09-23 ianuarie 25
Preluare comenzi: 021 569.72.76
Specificații
ISBN-13: 9783319686684
ISBN-10: 3319686682
Pagini: 176
Ilustrații: IX, 174 p. 74 illus., 6 illus. in color.
Dimensiuni: 155 x 235 mm
Greutate: 0.44 kg
Ediția:1st ed. 2017
Editura: Springer International Publishing
Colecția Springer
Locul publicării:Cham, Switzerland
ISBN-10: 3319686682
Pagini: 176
Ilustrații: IX, 174 p. 74 illus., 6 illus. in color.
Dimensiuni: 155 x 235 mm
Greutate: 0.44 kg
Ediția:1st ed. 2017
Editura: Springer International Publishing
Colecția Springer
Locul publicării:Cham, Switzerland
Cuprins
1 Introduction: String Manipulating Programs and Difficulty of Their Analysis.- 2 String Manipulating Programs and Difficulty of Their Analysis.- 3 State Space Exploration.- 4 Automata Based String Analysis.- 5 Relational String Analysis.- 6 Abstraction and Approximation.- 7 Constraint-based String Analysis.- 8 Vulnerability Detection and Sanitization Synthesis.- 9 Differential String Analysis and Repair.- 10 Tools.- 11 A Brief Survey of Related Work.- 12 Conclusions.
Recenzii
“The book can be said to be tailored as a handy manual for researchers looking for algebraic approaches based on the manipulation of regular expressions (in a large sense) and on solving string constraints, over inputs provided by users in web applications, for handling security issues in these applications.” (Siva Anantharaman, Mathematical Reviews, November, 2019)
Caracteristici
This is the first existing book focusing on string analysis Discusses how string analysis techniques work and how they can be applied to vulnerability detection in modern software applications This book can be used as a textbook for a course on string analysis, or as a supplementary book for a course on vulnerability detection