A Symbolic Execution Framework for Java']JavaScript

被引：192

作者：

Saxena, Prateek ^{[1
]}

Akhawe, Devdatta ^{[1
]}

Hanna, Steve ^{[1
]}

Mao, Feng ^{[1
]}

McCamant, Stephen ^{[1
]}

Song, Dawn ^{[1
]}

机构：

[1] Univ Calif Berkeley, Dept EECS, Div Comp Sci, Berkeley, CA 94720 USA

来源：

2010 IEEE SYMPOSIUM ON SECURITY AND PRIVACY | 2010年

关键词：

web security; symbolic execution; string decision procedures;

D O I：

10.1109/SP.2010.38

中图分类号：

TP301 [理论、方法];

学科分类号：

081202 ;

摘要：

As AJAX applications gain popularity, client-side JavaScript code is becoming increasingly complex. However, few automated vulnerability analysis tools for JavaScript exist. In this paper, we describe the first system for exploring the execution space of JavaScript code using symbolic execution. To handle JavaScript code's complex use of string operations, we design a new language of string constraints and implement a solver for it. We build an automatic end-to-end tool, Kudzu, and apply it to the problem of finding client-side code injection vulnerabilities. In experiments on 18 live web applications, Kudzu automatically discovers 2 previously unknown vulnerabilities and 9 more that were previously found only with a manually-constructed test suite.

引用

页码：513 / 528

页数：16

共 50 条

[31] Linvail: A General-Purpose Platform for Shadow Execution of Java']JavaScript
Christophe, Laurent
Boix, Elisa Gonzalez
De Meuter, Wolfgang
De Roover, Coen
2016 IEEE 23RD INTERNATIONAL CONFERENCE ON SOFTWARE ANALYSIS, EVOLUTION, AND REENGINEERING (SANER), VOL 1, 2016, : 260 - 270
[32] Validating converted java code via symbolic execution
Sneed, Harry M.
Verhoef, Chris
Lecture Notes in Business Information Processing, 2017, 269 : 70 - 83
[33] SymJS']JS: Automatic Symbolic Testing of Java']JavaScript Web Applications
Li, Guodong
Andreasen, Esben
Ghosh, Indradeep
22ND ACM SIGSOFT INTERNATIONAL SYMPOSIUM ON THE FOUNDATIONS OF SOFTWARE ENGINEERING (FSE 2014), 2014, : 449 - 459
[34] Symbolic PathFinder: integrating symbolic execution with model checking for Java bytecode analysis
Corina S. Păsăreanu
Willem Visser
David Bushnell
Jaco Geldenhuys
Peter Mehlitz
Neha Rungta
Automated Software Engineering, 2013, 20 : 391 - 425
[35] Factors and actors leading to the adoption of a Java']JavaScript framework
Pano, Amantia
Graziotin, Daniel
Abrahamsson, Pekka
EMPIRICAL SOFTWARE ENGINEERING, 2018, 23 (06) : 3503 - 3534
[36] A framework for programmatically designing user interfaces in Java']JavaScript
Larkin, Henry
INTERNATIONAL JOURNAL OF PERVASIVE COMPUTING AND COMMUNICATIONS, 2015, 11 (03) : 254 - 269
[37] Jaint: A Framework for User-Defined Dynamic Taint-Analyses Based on Dynamic Symbolic Execution of Java']Java Programs
Mues, Malte
Schallau, Till
Howar, Falk
INTEGRATED FORMAL METHODS, IFM 2020, 2020, 12546 : 123 - 140
[38] A Java']Java framework for massively distributed symbolic computing
Bernardin, L
MATHEMATICS AND COMPUTERS IN SIMULATION, 1999, 49 (03) : 151 - 160
[39] Improving Static Initialization Block Handling in Java']Java Symbolic Execution Engine
Pengo, Edit
Siket, Istvan
COMPUTATIONAL SCIENCE AND ITS APPLICATIONS - ICCSA 2017, PT V, 2017, 10408 : 561 - 574
[40] Scalable framework for parsing: from Fortress to Java']JavaScript
Ryu, Sukyoung
SOFTWARE-PRACTICE & EXPERIENCE, 2016, 46 (09): : 1219 - 1238

← 1 2 3 4 5 →