research-article

Efficient solving of string constraints for security analysis

Authors:

Cesare Tinelli,

Andrew Reynolds,

Nestan TsiskaridzeAuthors Info & Claims

HotSos '16: Proceedings of the Symposium and Bootcamp on the Science of Security

Pages 4 - 6

https://doi.org/10.1145/2898375.2898393

Published: 19 April 2016 Publication History

Abstract

Motivation The security of software is increasingly more critical for consumer confidence, protection of privacy, protection of intellectual property, and even national security. As threats to software security have become more sophisticated, so too have the techniques developed to ensure security. One basic technique that has become a fundamental tool in static security analysis is symbolic execution. There are now a number of successful approaches that rely on symbolic methods to reduce security questions about programs to constraint satisfaction problems in some formal logic (e.g., [4, 5, 7, 16]). Those problems are then solved automatically by specialized reasoners for the target logic. The found solutions are then used to construct automatically security exploits in the original programs or, more generally, identify security vulnerabilities.

References

[1]

P. A. Abdulla, M. F. Atig, Y. Chen, L. Holík, A. Rezine, P. Rümmer, and J. Stenman. Norn: An SMT solver for string constraints. In D. Kroening and C. S. Pasareanu, editors, Proceedings of the 27th International Conference on Computer Aided Verification, volume 9206 of Lecture Notes in Computer Science, pages 462--469. Springer, July 2015.

[2]

C. Barrett, C. L. Conway, M. Deters, L. Hadarean, D. Jovanović, T. King, A. Reynolds, and C. Tinelli. CVC4. In Proceedings of the 23rd International Conference on Computer Aided Verification, CAV'11, pages 171--177. Springer-Verlag, 2011.

Digital Library

[3]

N. Bjørner, N. Tillmann, and A. Voronkov. Path feasibility analysis for string-manipulating programs. In Proceedings of the 15th International Conference on Tools and Algorithms for the Construction and Analysis of Systems: Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2009, pages 307--321. Springer-Verlag, 2009.

Digital Library

[4]

D. Brumley, J. Caballero, Z. Liang, and J. Newsome. Towards automatic discovery of deviations in binary implementations with applications to error detection and fingerprint generation. In Proceedings of the 16th USENIX Security Symposium, Boston, MA, USA, August 6-10, 2007, 2007.

Digital Library

[5]

D. Brumley, H. Wang, S. Jha, and D. X. Song. Creating vulnerability signatures using weakest preconditions. In 20th IEEE Computer Security Foundations Symposium, CSF 2007, 6-8 July 2007, Venice, Italy, pages 311--325, 2007.

Digital Library

[6]

A. S. Christensen, A. Møller, and M. I. Schwartzbach. Precise analysis of string expressions. In Proceedings of the 10th International Conference on Static Analysis, SAS'03, pages 1--18. Springer-Verlag, 2003.

Digital Library

[7]

M. Egele, C. Kruegel, E. Kirda, H. Yin, and D. Song. Dynamic spyware analysis. In 2007 USENIX Annual Technical Conference on Proceedings of the USENIX Annual Technical Conference, ATC'07, pages 18:1--18:14, Berkeley, CA, USA, 2007. USENIX Association.

Digital Library

[8]

P. Hooimeijer and W. Weimer. A decision procedure for subset constraints over regular languages. In Proceedings of the 2009 ACM SIGPLAN conference on Programming language design and implementation, pages 188--198. ACM, 2009.

Digital Library

[9]

P. Hooimeijer and W. Weimer. Solving string constraints lazily. In Proceedings of the IEEE/ACM international conference on Automated software engineering, pages 377--386. ACM, 2010.

Digital Library

[10]

A. Kiezun, V. Ganesh, P. J. Guo, P. Hooimeijer, and M. D. Ernst. HAMPI: a solver for string constraints. In Proceedings of the eighteenth international symposium on Software testing and analysis, pages 105--116. ACM, 2009.

Digital Library

[11]

G. Li and I. Ghosh. PASS: String solving with parameterized array and interval automaton. In V. Bertacco and A. Legay, editors, Hardware and Software: Verification and Testing, volume 8244 of Lecture Notes in Computer Science, pages 15--31. Springer International Publishing, 2013.

[12]

T. Liang, A. Reynolds, C. Tinelli, C. Barrett, and M. Deters. A DPLL(T) theory solver for a theory of strings and regular expressions. In A. Biere and R. Bloem, editors, Proceedings of the 26th International Conference on Computer Aided Verification, volume 8559 of Lecture Notes in Computer Science. Springer, 2014.

Digital Library

[13]

T. Liang, A. Reynolds, N. Tsiskaridze, C. Tinelli, C. Barrett, and M. Deters. An efficient smt solver for string constraints. Formal Methods in System Design, 2016. (To appear).

Digital Library

[14]

T. Liang, N. Tsiskaridze, A. Reynolds, C. Tinelli, and C. Barrett. A decision procedure for regular membership and length constraints over unbounded strings. In C. Lutz and S. Ranise, editors, Proceedings of the 10th International Symposium on Frontiers of Combining Systems, volume 9322 of Lecture Notes in Computer Science, pages 135--150. Springer, 2015.

[15]

G. S. Makanin. The problem of solvability of equations in a free semigroup. English transl. in Math USSR Sbornik, 32:147--236, 1977.

[16]

K. S. Namjoshi and G. J. Narlikar. Robust and fast pattern matching for intrusion detection. In INFOCOM 2010. 29th IEEE International Conference on Computer Communications, Joint Conference of the IEEE Computer and Communications Societies, 15-19 March 2010, San Diego, CA, USA, pages 740--748, 2010.

Digital Library

[17]

R. Nieuwenhuis, A. Oliveras, and C. Tinelli. Solving SAT and SAT Modulo Theories: from an abstract Davis-Putnam-Logemann-Loveland Procedure to DPLL(T). Journal of the ACM, 53(6):937--977, Nov. 2006.

Digital Library

[18]

W. Plandowski. Satisfiability of word equations with constants is in PSPACE. Journal of the ACM, 51(3):483--496, May 2004.

Digital Library

[19]

P. Saxena, D. Akhawe, S. Hanna, F. Mao, S. McCamant, and D. Song. A symbolic execution framework for JavaScript. In Proceedings of the 2010 IEEE Symposium on Security and Privacy, pages 513--528. IEEE Computer Society, 2010.

Digital Library

[20]

M.-T. Trinh, D.-H. Chu, and J. Jaffar. S3: A symbolic string solver for vulnerability detection in web applications. In M. Yung and N. Li, editors, Proceedings of the 21st ACM Conference on Computer and Communications Security, 2014.

Digital Library

[21]

Y. Zheng, X. Zhang, and V. Ganesh. Z3-str: A z3-based string solver for web application analysis. In Proceedings of the 2013 9th Joint Meeting on Foundations of Software Engineering, ESEC/FSE 2013, pages 114--124. ACM, 2013.

Digital Library

Cited By

Chen YChocholatý DHavlena VHolík LLengál OSíč J(2023)Solving String Constraints with Lengths by StabilizationProceedings of the ACM on Programming Languages10.1145/36228727:OOPSLA2(2112-2141)Online publication date: 16-Oct-2023
https://dl.acm.org/doi/10.1145/3622872
Blahoudek FChen YChocholatý DHavlena VHolík LLengál OSíč J(2023)Word Equations in Synergy with Regular ConstraintsFormal Methods10.1007/978-3-031-27481-7_23(403-423)Online publication date: 3-Mar-2023
https://doi.org/10.1007/978-3-031-27481-7_23
Holík LJanků PLin ARümmer PVojnar T(2017)String constraints with concatenation and transducers solved efficientlyProceedings of the ACM on Programming Languages10.1145/31580922:POPL(1-32)Online publication date: 27-Dec-2017
https://dl.acm.org/doi/10.1145/3158092

Recommendations

Solving string constraints: the case for constraint programming
CP'13: Proceedings of the 19th International Conference on Principles and Practice of Constraint Programming

We improve an existing propagator for the context-free grammar constraint and demonstrate experimentally the practicality of the resulting propagator. The underlying technique could be applied to other existing propagators for this constraint. We argue ...
IoT Security: Practical guide book
Threat-Based Security Analysis for the Internet of Things
SIOT '14: Proceedings of the 2014 International Workshop on Secure Internet of Things

The Internet of Things (IoT) is an emerging paradigm focusing on the inter-connection of things or devices to each other and to the users. This technology is anticipated to become an integral milestone in the development of smart homes and smart cities. ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Other conferences

HotSos '16: Proceedings of the Symposium and Bootcamp on the Science of Security

April 2016

138 pages

ISBN:9781450342773

DOI:10.1145/2898375

General Chairs:
William L. Scherlis
Carnegie Mellon University
,
David Brumley
Carnegie Mellon University

Copyright © 2016 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 19 April 2016

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

National Science Foundation

Conference

HotSoS '16

HotSoS '16: HotSos 2016 Science of Security

April 19 - 21, 2016

Pennsylvania, Pittsburgh

Acceptance Rates

Overall Acceptance Rate 34 of 60 submissions, 57%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

3
Total Citations
View Citations
141
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 12 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Chen YChocholatý DHavlena VHolík LLengál OSíč J(2023)Solving String Constraints with Lengths by StabilizationProceedings of the ACM on Programming Languages10.1145/36228727:OOPSLA2(2112-2141)Online publication date: 16-Oct-2023
https://dl.acm.org/doi/10.1145/3622872
Blahoudek FChen YChocholatý DHavlena VHolík LLengál OSíč J(2023)Word Equations in Synergy with Regular ConstraintsFormal Methods10.1007/978-3-031-27481-7_23(403-423)Online publication date: 3-Mar-2023
https://doi.org/10.1007/978-3-031-27481-7_23
Holík LJanků PLin ARümmer PVojnar T(2017)String constraints with concatenation and transducers solved efficientlyProceedings of the ACM on Programming Languages10.1145/31580922:POPL(1-32)Online publication date: 27-Dec-2017
https://dl.acm.org/doi/10.1145/3158092

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents