000808258 000__ 04809cam\a2200493Ii\4500
000808258 001__ 808258
000808258 005__ 20230306143955.0
000808258 006__ m\\\\\o\\d\\\\\\\\
000808258 007__ cr\cn\nnnunnun
000808258 008__ 180108s2017\\\\sz\\\\\\ob\\\\001\0\eng\d
000808258 019__ $$a1021195351
000808258 020__ $$a9783319686707$$q(electronic book)
000808258 020__ $$a3319686704$$q(electronic book)
000808258 020__ $$z9783319686684
000808258 0247_ $$a10.1007/978-3-319-68670-7$$2doi
000808258 035__ $$aSP(OCoLC)on1018307742
000808258 035__ $$aSP(OCoLC)1018307742$$z(OCoLC)1021195351
000808258 040__ $$aN$T$$beng$$erda$$epn$$cN$T$$dN$T$$dGW5XE$$dAZU$$dOCLCF$$dOCLCQ
000808258 049__ $$aISEA
000808258 050_4 $$aQA76.76.V47
000808258 08204 $$a005.14$$223
000808258 1001_ $$aBultan, Tevfik,$$eauthor.
000808258 24510 $$aString analysis for software verification and security /$$cTevfik Bultan, Fang Yu, Muath Alkhalaf, Abdulbaki Aydin.
000808258 264_1 $$aCham, Switzerland :$$bSpringer,$$c[2017]
000808258 264_4 $$c©2017
000808258 300__ $$a1 online resource
000808258 336__ $$atext$$btxt$$2rdacontent
000808258 337__ $$acomputer$$bc$$2rdamedia
000808258 338__ $$aonline resource$$bcr$$2rdacarrier
000808258 347__ $$atext file$$bPDF$$2rda
000808258 500__ $$aOnline resource; title from PDF title page (viewed January 12, 2018).
000808258 504__ $$aIncludes bibliographical references.
000808258 5050_ $$a1 Introduction: String Manipulating Programs and Difficulty of Their Analysis -- 2 String Manipulating Programs and Difficulty of Their Analysis -- 3 State Space Exploration -- 4 Automata Based String Analysis -- 5 Relational String Analysis -- 6 Abstraction and Approximation -- 7 Constraint-based String Analysis -- 8 Vulnerability Detection and Sanitization Synthesis -- 9 Differential String Analysis and Repair -- 10 Tools -- 11 A Brief Survey of Related Work -- 12 Conclusions.
000808258 506__ $$aAccess limited to authorized users.
000808258 520__ $$a"This book discusses automated string-analysis techniques, focusing particularly on automata-based static string analysis. It covers the following topics: automata-bases string analysis, computing pre and post-conditions of basic string operations using automata, symbolic representation of automata, forward and backward string analysis using symbolic automata representation, constraint-based string analysis, string constraint solvers, relational string analysis, vulnerability detection using string analysis, string abstractions, differential string analysis, and automated sanitization synthesis using string analysis. String manipulation is a crucial part of modern software systems; for example, it is used extensively in input validation and sanitization and in dynamic code and query generation. The goal of string-analysis techniques and this book is to determine the set of values that string expressions can take during program execution. String analysis can be used to solve many problems in modern software systems that relate to string manipulation, such as: (1) Identifying security vulnerabilities by checking if a security sensitive function can receive an input string that contains an exploit; (2) Identifying possible behaviors of a program by identifying possible values for dynamically generated code; (3) Identifying html generation errors by computing the html code generated by web applications; (4) Identifying the set of queries that are sent to back-end database by analyzing the code that generates the SQL queries; (5) Patching input validation and sanitization functions by automatically synthesizing repairs illustrated in this book. Like many other program-analysis problems, it is not possible to solve the string analysis problem precisely (i.e., it is not possible to precisely determine the set of string values that can reach a program point). However, one can compute over- or under-approximations of possible string values. If the approximations are precise enough, they can enable developers to demonstrate existence or absence of bugs in string manipulating code. String analysis has been an active research area in the last decade, resulting in a wide variety of string-analysis techniques. This book will primarily target researchers and professionals working in computer security, software verification, formal methods, software engineering and program analysis. Advanced level students or instructors teaching or studying courses in computer security, software verification or program analysis will find this book useful as a secondary text."--$$cProvided by publisher.
000808258 650_0 $$aComputer software$$xVerification.
000808258 7001_ $$aYu, Fang,$$eauthor.
000808258 7001_ $$aAlkhalaf, Muath,$$eauthor.
000808258 7001_ $$aAydin, Abdulbaki,$$eauthor.
000808258 77608 $$iPrint version:$$z9783319686684
000808258 852__ $$bebk
000808258 85640 $$3SpringerLink$$uhttps://univsouthin.idm.oclc.org/login?url=http://link.springer.com/10.1007/978-3-319-68670-7$$zOnline Access$$91397441.1
000808258 909CO $$ooai:library.usi.edu:808258$$pGLOBAL_SET
000808258 980__ $$aEBOOK
000808258 980__ $$aBIB
000808258 982__ $$aEbook
000808258 983__ $$aOnline
000808258 994__ $$a92$$bISE