An executable formal semantics of PHP with applications to program analysis.

In this Thesis, we introduce KPHP, the first executable formal semantics of PHP, one of the most popular languages for server-side web programming. ... Tools that employ static analysis techniques are needed in order to explore all possible execution paths through an application and guarantee the absence of undesirable behaviours. ... KPHP is the first formal (and executable) semantics of PHP to date. ...

doi:10.25560/40922 fatcat:6j7bs5eydzcgjh276yxpqe3dia

Although substantial effort has been spent on the problem of automatically analysing PHP code, vulnerabilities remain pervasive in web applications, and analysis tools do not provide any formal guarantees ... As a demonstration, we extend LTL with predicates for the verification of PHP programs, and analyse two common PHP functions. ... We would also like to thank the K team for their technical support on using the K framework, and Shijiao Yuwen for useful comments on an earlier version of the KPHP semantics. ...

doi:10.1007/978-3-662-44202-9_23 fatcat:ufvkf5725bfefoijfrete6oy5q

This paper presents LabelFlow, an extension of PHP that simplifies implementation of security policies in web applications. ... To make matters worse, a lot of these applications, have not been implemented with security in mind, while refactoring an existing, large web application to implement a security or privacy policy is prohibitively ... FORMAL SEMANTICS AND SOUNDNESS We formalize our changes on PHP using a simple calculus extended with database persistent state, we define a smallstep operational semantics for our language, and state the ...

doi:10.1145/2491404.2491410 dblp:conf/ecoop/ChinisPIA13 fatcat:td6qyfthtbeu7clqc3p2fid2y4

It consists in adding an extra stage to the client code generator which compares the dynamically generated code with the specification obtained from the syntax of the source program. ... No plugin or modification of the web browser is required. The soundness and validity of the approach are proved formally by showing that the client compiler can be fully abstract. ... It then executes the PHP program with a PHP interpreter, and parses the output of the program with a Html parser, obtaining another Html tree. ...

doi:10.1007/978-3-642-27375-9_11 fatcat:gr4tz5sjqvgwfczbb7hwspncua

We present a methodology and tool for vulnerability identification based on symbolic code execution exploiting Static Taint Analysis to improve the efficiency of the analysis. ... The tool targets PHP web applications, and demonstrates the effectiveness of our approach in identifying cross-site scripting and SQL injection vulnerabilities on both NIST synthetic benchmarks and real ... Our methodology builds over existing ones, combining Static Taint Analysis with Symbolic Code Execution to identify whether malicious user inputs can be used to subvert the semantics of the application ...

doi:10.1109/itng.2012.167 dblp:conf/itng/AgostaBPP12 fatcat:vvp6gc3ezrb4dii6ob4npr4exq

We conclude with a high-level discussion on the commonalities and differences between Rascal and Maude when applied to program analysis. ... We illustrate a range of scenarios for building new software analysis tools through a number of examples, including one showing integration with an existing Maude-based analysis. ... Parsing PHP Scripts The purpose of executing a server-side PHP script (the standard mode of execution) is to generate an HTML page which can be returned to the user. ...

doi:10.1007/978-3-642-34005-5_2 fatcat:4yef53ksinb7rgaw67i2osoixq

These techniques enable SPR to work productively with a set of parameterized transformation schemas to generate and efficiently search a rich space of program repairs. ... We present SPR, a new program repair system that combines staged program repair and condition synthesis. ... ACKNOWLEDGEMENTS We would like to thank Zichao Qi and Sara Anchor for their valuable help on the experiments. We also thank the anonymous reviewers for their insightful comments. ...

doi:10.1145/2786805.2786811 dblp:conf/sigsoft/LongR15 fatcat:t5ocpc6nvvcsfmkblyg2cohtci

In 1997, Ørbaek and Palsberg formalized the problem of detecting these exploits as an instance of type-checking, and gave an O(V 3 ) algorithm to solve it, where V is the number of program variables. ... Using the same infrastructure, we compared a state-of-the-art dataflow solution with our technique. Both approaches have detected 36 vulnerabilities in well known PHP programs. ... We thank Paul Biggar for invaluable help with the phc compiler, plus the anonymous reviewers for helping to improve the text. ...

doi:10.1016/j.scico.2013.03.012 fatcat:h32qn3ypsjeuredbg5m74jci2y

Szczepanski

In 1997, Ørbaek and Palsberg formalized the problem of detecting these exploits as an instance of type-checking, and gave an O(V 3 ) algorithm to solve it, where V is the number of program variables. ... Using the same infrastructure, we compared a stateof-the-art data-flow solution with our technique. Both approaches have detected 36 vulnerabilities in well known PHP programs. ... We thank Paul Biggar for invaluable help with the phc compiler, and Roberto Bigonha plus the anonymous reviewers for helping to improve the text. ...

doi:10.1007/978-3-642-19861-8_8 fatcat:kbp4nth3g5dapmc7drttdxfchy

as part of SAFERPHP, a framework for static security analysis of PHP applications. ... Web applications are vulnerable to semantic attacks such as denial of service due to infinite loops caused by malicious inputs and unauthorized database operations due to missing security checks. ... Security analysis of a PHP program starts with reading its MIR and ends with generating a summary of potential vulnerabilities. ...

doi:10.1145/2166956.2166964 dblp:conf/pldi/SonS11 fatcat:u5pvzalydnegtkwtcivddc4mje

ROLECAST discovered 13 previously unreported, remotely exploitable vulnerabilities in 11 substantial PHP and JSP applications, with only 3 false positives. ... all programs. ... Acknowledgments The research described in this paper was partially supported by the NSF grants CNS-0746888, CNS-0905602, and SHF-0910818, a Google research award, and the MURI program under AFOSR Grant ...

doi:10.1145/2048066.2048146 dblp:conf/oopsla/SonMS11 fatcat:w2gwct5ryng77gborszbqptkva

ROLECAST discovered 13 previously unreported, remotely exploitable vulnerabilities in 11 substantial PHP and JSP applications, with only 3 false positives. ... all programs. ... Acknowledgments The research described in this paper was partially supported by the NSF grants CNS-0746888, CNS-0905602, and SHF-0910818, a Google research award, and the MURI program under AFOSR Grant ...

doi:10.1145/2076021.2048146 fatcat:sho2vfdbujbhdabtb5shr6h5sq

For formal analysis of Rust programs and helping programmers learn its new mechanisms and features, a formal semantics of Rust is desired and useful as a fundament for developing related tools. ... The executable semantics yields automatically a formal interpreter and verification tools for Rust programs. ... A long-term program is to develop an almost complete formal executable semantics for Rust and formally verify Rust programs using formal analysis tools turned from the semantics, towards which the work ...

arXiv:1804.10806v1 fatcat:havc5bqzlrf5djawb3tevaljaq

Furthermore, the formal analysis tools facilitate formal reasoning for the given language semantics, which helps both in terms of applicability of the semantics and in terms of engineering the semantics ... Like the authors of the C and PHP semantics, and many others, we firmly believe that programming languages must have formal semantics. ...

doi:10.1145/2676726.2676982 dblp:conf/popl/BogdanasR15 fatcat:5bvcemr3dfddlgbggl5sdkltey

During the analysis, sections of code considered vulnerable are instrumented with runtime guards, thus securing Web applications in the absence of user intervention. ... Many verification tools are discovering previously unknown vulnerabilities in legacy C programs, raising hopes that the same success can be achieved with Web applications. ... We would also like to thank Dr. Bow-Yaw Wang for his useful suggestions. ...

doi:10.1145/988672.988679 dblp:conf/www/HuangYHTLK04 fatcat:rp336lsjajhgdgdhfvuqba27cu

An executable formal semantics of PHP with applications to program analysis

Preserved Fulltext

An Executable Formal Semantics of PHP [chapter]

Preserved Fulltext

Practical information flow for legacy web applications

Preserved Fulltext

Automated Code Injection Prevention for Web Applications [chapter]

Preserved Fulltext

Automated Security Analysis of Dynamic Web Applications through Symbolic Code Execution

Preserved Fulltext

Program Analysis Scenarios in Rascal [chapter]

Preserved Fulltext

Staged program repair with condition synthesis

Preserved Fulltext

Efficient static checker for tainted variable attacks

Preserved Fulltext

Tainted Flow Analysis on e-SSA-Form Programs [chapter]

Preserved Fulltext

SAFERPHP

Preserved Fulltext

RoleCast

Preserved Fulltext

RoleCast

Preserved Fulltext

KRust: A Formal Executable Semantics of Rust [article]

Preserved Fulltext

K-Java

Preserved Fulltext

Securing web application code by static analysis and runtime protection

Preserved Fulltext