Effective software vulnerability detection for web services
Grant number: LP140100437 | Funding period: 2015 - 2019
This project aims to design and implement new and better methods to find vulnerabilities in software services delivered over the web or through the cloud, as well as methods for proving the absence of certain types of vulnerability. So-called injection attacks are pervasive and generally considered the most important security threat on today's Internet. The programming languages used for software services tend to use strings as a universal data structure, which unfortunately makes it hard to separate trusted code from untrusted user-provided data. This project intends to develop novel program analysis tools and string constraint solvers, and employ these tools to support sophisticated automa..
Related publications (15)
Reference Abstract Domains and Applications to String Analysis
Roberto Amadini, Graeme Gange, Francois Gauthier, Alexander Jordan, Peter Schachte, Harald Sondergaard, Peter J Stuckey, Chenyi Zhang
Abstract interpretation is a well established theory that supports reasoning about the run-time behaviour of programs. It achieves..
Roberto Amadini, Alexander Jordan, Graeme Gange, Francois Gauthier, Peter Schachte, Harald Sondergaard, Peter J Stuckey, Chenyi Zhang
A complete refinement procedure for regular separability of context-free languages
Graeme Gange, Jorge A Navas, Peter Schachte, Harald Sondergaard, Peter J Stuckey
Often, when analyzing the behaviour of systems modelled as context-free languages, we wish to know if two languages overlap. To th..