String Analysis for JavaScript Programs Using JSAI


Yves Engelmann, Serena King
Advisor: Lunjin Lu

Purpose of This Research
- Design/implement a domain of string properties on top of JSAI, an analysis engine that was developed at UCSB.

How Does It Fit in with the Security Theme?
- Increasing the precision of the static string analyzer will help prevent XSS, MFE, and SQLI attacks against JavaScript-based programs.

What Is Program Analysis?
- In general terms, program analysis is the automated analysis of program behavior.
- Program analysis is about developing tools and algorithms that help analyze other programs.
- Hint: Static Analysis

A Short History of Static Program Analysis
- Early high-level programming languages were implemented on very small and very slow machines.
- Compilers needed to generate executables that were extremely efficient in space and time.
- Compiler writers invented efficiency-increasing program transformations, wrongly called optimizing transformations.
- Transformations must not change the semantics of programs.
- Enabling conditions guaranteed semantics preservation.
- Enabling conditions were checked by static analysis of programs (data-flow analysis).
- Theoretical foundations of static program analysis: Kleene (1930s), Tarski (1955).
- Gary Kildall (1972) clarified the lattice-theoretic foundation of data-flow analysis.
- Patrick Cousot (1974) established the relation to programming language semantics.
Source: Static Program Analysis for Verification – an Introduction -

Static Program Analysis
- Static program analysis: analyzes the source code of a given program.
- Dynamic program analysis: analyzes the program while it's running.
- The difference between static and dynamic program analysis is that static analysis reasons about more executions but is less precise, while dynamic analysis is more precise but its results are limited to observed executions.
- A typical static analysis question: given the source code of program P and a desired property Q, does P exhibit Q in all possible executions?
- What does precision mean here?

Static Program Analysis
Static analyses are either:
- Unsound: may say the program is safe even though it is unsafe.
- Sound, but incomplete: may say the program is unsafe even though it is safe.
- Non-terminating: always gives the correct answer when it terminates, but may run forever.
Many static analysis techniques are sound but incomplete.
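An added example (not from the slides and not JSAI code) of how string-domain precision decides whether a sound analysis raises a false alarm: a flat constant-string domain and a prefix domain, both constructed here, analyze the same constructed snippet. All names (`constDomain`, `prefixDomain`, `analyze`) and the sample program are assumptions made for illustration.

```javascript
// Added illustration, not JSAI code. Abstract string values:
const BOT = { kind: "bot" };                   // no string (unreachable code)
const TOP = { kind: "top" };                   // any string at all
const konst = (s) => ({ kind: "const", s });   // exactly the string s
const prefix = (p) => ({ kind: "prefix", p }); // any string starting with p
const front = (v) => (v.kind === "const" ? v.s : v.p); // known leading text
function lcp(x, y) { // longest common prefix of two concrete strings
  let i = 0;
  while (i < x.length && i < y.length && x[i] === y[i]) i++;
  return x.slice(0, i);
}

// Each domain supplies join (merge at a branch) and abstract concatenation.
// Both only ever over-approximate, so both are sound.
const constDomain = {
  join: (a, b) => a.kind === "bot" ? b : b.kind === "bot" ? a
    : a.kind === "const" && b.kind === "const" && a.s === b.s ? a : TOP,
  concat: (a, b) => a.kind === "bot" || b.kind === "bot" ? BOT
    : a.kind === "const" && b.kind === "const" ? konst(a.s + b.s) : TOP,
};
const prefixDomain = {
  join(a, b) {
    if (a.kind === "bot" || b.kind === "bot") return a.kind === "bot" ? b : a;
    if (a.kind === "top" || b.kind === "top") return TOP;
    if (a.kind === "const" && b.kind === "const" && a.s === b.s) return a;
    const p = lcp(front(a), front(b));
    return p === "" ? TOP : prefix(p);
  },
  concat(a, b) {
    if (a.kind === "bot" || b.kind === "bot") return BOT;
    if (a.kind === "top" || a.kind === "prefix") return a; // tail adds nothing
    if (b.kind === "const") return konst(a.s + b.s);
    return prefix(a.s + (b.kind === "prefix" ? b.p : ""));
  },
};

// True only when every string the value stands for starts with `origin`.
function provablyStartsWith(v, origin) {
  if (v.kind === "bot") return true;
  return v.kind !== "top" && front(v).startsWith(origin);
}

// Constructed program under analysis; `input` is unknown to the analyzer:
//   var base = flag ? "https://app.example/a/" : "https://app.example/b/";
//   location.href = base + input;
function analyze(d) {
  const base = d.join(konst("https://app.example/a/"), konst("https://app.example/b/"));
  return provablyStartsWith(d.concat(base, TOP), "https://app.example/");
}
```

`analyze(constDomain)` returns `false`, a false alarm on a program that never leaves the origin (sound but incomplete), while `analyze(prefixDomain)` returns `true` because the join keeps the shared `https://app.example/` prefix.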

Timeline
- Week 1 – 2: Literature survey
- Week 3 – 6: Design/Implementation
- Week 6: Mid-Summer Presentation
- Week 7 – 9: Writing Paper

Design/Implementation
TOOLS TO BE USED
- Understand the current constant propagation domain
- FA Software
- Current JSAI Analyzer
- Eclipse IDE to modify Scala source code