CS 595C - Static String Analysis - Spring 2008
Description:
In this seminar we will discuss static string analysis techniques. Each student will be asked to present a paper and read the papers that are presented.
Instructor: Tevfik Bultan
Meeting time: Thursday 3:00PM.
Location: HFH 1152.
Enrollment Code: 76125
Presentations
- Meeting time: April 10, Thursday, 3pm
  Location: HFH 1152
  Paper: "A Static Analysis Framework For Detecting SQL Injection Vulnerabilities." Xiang Fu, Xin Lu, Boris Peltsverger, Shijun Chen, Kai Qian, Lixin Tao. COMPSAC 2007, pages 87-96.
  Presenter: Tevfik Bultan
Papers
- "Saner: Composing Static and Dynamic Analysis to Validate Sanitization in Web Applications." Davide Balzarotti, Marco Cova, Viktoria Felmetsger, Nenad Jovanovic, Christopher Kruegel, Engin Kirda, Giovanni Vigna. SSP08.
  Presenter: Marco Cova
- "A Static Analysis Framework For Detecting SQL Injection Vulnerabilities." Xiang Fu, Xin Lu, Boris Peltsverger, Shijun Chen, Kai Qian, Lixin Tao. COMPSAC 2007, pages 87-96.
  Presenter: Tevfik Bultan
- "Abstracting Symbolic Execution with String Analysis." Daryl Shannon, Sukant Hajra, Alison Lee, Daiqian Zhan and Sarfraz Khurshid. Testing: Academic and Industrial Conference Practice and Research Techniques 2007.
  Presenter: Christo Wilson
- "Sound and precise analysis of web applications for injection vulnerabilities." Gary Wassermann and Zhendong Su. In Proceedings of the ACM SIGPLAN 2007 Conference on Programming Language Design and Implementation, pages 32-41, 2007.
  Presenter: Chris Coakley
- "A Practical String Analyzer by the Widening Approach." Tae-Hyoung Choi, Oukseh Lee, Hyunha Kim and Kyung-Goo Doh. APLAS 2006: Asian Symposium on Programming Languages and Systems.
- "Pixy: A Static Analysis Tool for Detecting Web Application Vulnerabilities." Nenad Jovanovic, Christopher Kruegel, and Engin Kirda. SSP06.
  Presenter: Muath Alkhalaf
- "AMNESIA: Analysis and Monitoring for NEutralizing SQL-Injection Attacks." W. Halfond and A. Orso. ASE 2005.
  Presenter: Chris Ferguson
- "Static Checking of Dynamically Generated Queries in Database Applications." Carl Gould, Zhendong Su, and Premkumar Devanbu. ICSE04.
  Presenter: Giovanni Vigna
- "Precise analysis of string expressions." Aske Simon Christensen, Anders Moller, and Michael I. Schwartzbach. In Proc. 10th International Static Analysis Symposium, SAS '03, volume 2694 of LNCS, pages 1-18. Springer-Verlag, June 2003.
  Presenter: Fang Yu
- "CSSV: towards a realistic tool for statically detecting all buffer overflows in C." Nurit Dor, Michael Rodeh, Shmuel Sagiv. PLDI 2003: 155-167.
- "Cleanness Checking of String Manipulations in C Programs via Integer Analysis." Nurit Dor, Michael Rodeh, Shmuel Sagiv. SAS 2001: 194-212.
  Presenter: Chris Kruegel
- "A First Step Towards Automated Detection of Buffer Overrun Vulnerabilities." David Wagner, Jeffrey S. Foster, Eric A. Brewer, and Alexander Aiken. NDSS 2000.