
An executable formal semantics of PHP with applications to program analysis

Daniele Filaretti, Sergio Maffeis, Engineering And Physical Sciences Research Council
2016
In this Thesis, we introduce KPHP, the first executable formal semantics of PHP, one of the most popular languages for server-side web programming.  ...  Tools that employ static analysis techniques are needed in order to explore all possible execution paths through an application and guarantee the absence of undesirable behaviours.  ...  KPHP is the first formal (and executable) semantics of PHP to date.  ... 
doi:10.25560/40922 fatcat:6j7bs5eydzcgjh276yxpqe3dia

An Executable Formal Semantics of PHP [chapter]

Daniele Filaretti, Sergio Maffeis
2014 Lecture Notes in Computer Science  
Although substantial effort has been spent on the problem of automatically analysing PHP code, vulnerabilities remain pervasive in web applications, and analysis tools do not provide any formal guarantees  ...  As a demonstration, we extend LTL with predicates for the verification of PHP programs, and analyse two common PHP functions.  ...  We would also like to thank the K team for their technical support on using the K framework, and Shijiao Yuwen for useful comments on an earlier version of the KPHP semantics.  ... 
doi:10.1007/978-3-662-44202-9_23 fatcat:ufvkf5725bfefoijfrete6oy5q

Practical information flow for legacy web applications

Georgios Chinis, Polyvios Pratikakis, Sotiris Ioannidis, Elias Athanasopoulos
2013 Proceedings of the 8th Workshop on Implementation, Compilation, Optimization of Object-Oriented Languages, Programs and Systems - ICOOOLPS'13  
This paper presents LabelFlow, an extension of PHP that simplifies implementation of security policies in web applications.  ...  To make matters worse, a lot of these applications have not been implemented with security in mind, while refactoring an existing, large web application to implement a security or privacy policy is prohibitively  ...  FORMAL SEMANTICS AND SOUNDNESS We formalize our changes on PHP using a simple calculus extended with database persistent state, we define a small-step operational semantics for our language, and state the  ... 
doi:10.1145/2491404.2491410 dblp:conf/ecoop/ChinisPIA13 fatcat:td6qyfthtbeu7clqc3p2fid2y4

Automated Code Injection Prevention for Web Applications [chapter]

Zhengqin Luo, Tamara Rezk, Manuel Serrano
2012 Lecture Notes in Computer Science  
It consists in adding an extra stage to the client code generator which compares the dynamically generated code with the specification obtained from the syntax of the source program.  ...  No plugin or modification of the web browser is required. The soundness and validity of the approach are proved formally by showing that the client compiler can be fully abstract.  ...  It then executes the PHP program with a PHP interpreter, and parses the output of the program with a Html parser, obtaining another Html tree.  ... 
doi:10.1007/978-3-642-27375-9_11 fatcat:gr4tz5sjqvgwfczbb7hwspncua

Automated Security Analysis of Dynamic Web Applications through Symbolic Code Execution

Giovanni Agosta, Alessandro Barenghi, Antonio Parata, Gerardo Pelosi
2012 2012 Ninth International Conference on Information Technology - New Generations  
We present a methodology and tool for vulnerability identification based on symbolic code execution exploiting Static Taint Analysis to improve the efficiency of the analysis.  ...  The tool targets PHP web applications, and demonstrates the effectiveness of our approach in identifying cross-site scripting and SQL injection vulnerabilities on both NIST synthetic benchmarks and real  ...  Our methodology builds over existing ones, combining Static Taint Analysis with Symbolic Code Execution to identify whether malicious user inputs can be used to subvert the semantics of the application  ... 
doi:10.1109/itng.2012.167 dblp:conf/itng/AgostaBPP12 fatcat:vvp6gc3ezrb4dii6ob4npr4exq

Program Analysis Scenarios in Rascal [chapter]

Mark Hills, Paul Klint, Jurgen J. Vinju
2012 Lecture Notes in Computer Science  
We conclude with a high-level discussion on the commonalities and differences between Rascal and Maude when applied to program analysis.  ...  We illustrate a range of scenarios for building new software analysis tools through a number of examples, including one showing integration with an existing Maude-based analysis.  ...  Parsing PHP Scripts The purpose of executing a server-side PHP script (the standard mode of execution) is to generate an HTML page which can be returned to the user.  ... 
doi:10.1007/978-3-642-34005-5_2 fatcat:4yef53ksinb7rgaw67i2osoixq

Staged program repair with condition synthesis

Fan Long, Martin Rinard
2015 Proceedings of the 2015 10th Joint Meeting on Foundations of Software Engineering - ESEC/FSE 2015  
These techniques enable SPR to work productively with a set of parameterized transformation schemas to generate and efficiently search a rich space of program repairs.  ...  We present SPR, a new program repair system that combines staged program repair and condition synthesis.  ...  ACKNOWLEDGEMENTS We would like to thank Zichao Qi and Sara Anchor for their valuable help on the experiments. We also thank the anonymous reviewers for their insightful comments.  ... 
doi:10.1145/2786805.2786811 dblp:conf/sigsoft/LongR15 fatcat:t5ocpc6nvvcsfmkblyg2cohtci

Efficient static checker for tainted variable attacks

Andrei Rimsa, Marcelo d'Amorim, Fernando Magno Quintão Pereira, Roberto S. Bigonha
2014 Science of Computer Programming  
In 1997, Ørbaek and Palsberg formalized the problem of detecting these exploits as an instance of type-checking, and gave an O(V^3) algorithm to solve it, where V is the number of program variables.  ...  Using the same infrastructure, we compared a state-of-the-art dataflow solution with our technique. Both approaches have detected 36 vulnerabilities in well known PHP programs.  ...  We thank Paul Biggar for invaluable help with the phc compiler, plus the anonymous reviewers for helping to improve the text.  ... 
doi:10.1016/j.scico.2013.03.012 fatcat:h32qn3ypsjeuredbg5m74jci2y

Tainted Flow Analysis on e-SSA-Form Programs [chapter]

Andrei Rimsa, Marcelo d'Amorim, Fernando Magno Quintão Pereira
2011 Lecture Notes in Computer Science  
In 1997, Ørbaek and Palsberg formalized the problem of detecting these exploits as an instance of type-checking, and gave an O(V^3) algorithm to solve it, where V is the number of program variables.  ...  Using the same infrastructure, we compared a state-of-the-art data-flow solution with our technique. Both approaches have detected 36 vulnerabilities in well known PHP programs.  ...  We thank Paul Biggar for invaluable help with the phc compiler, and Roberto Bigonha plus the anonymous reviewers for helping to improve the text.  ... 
doi:10.1007/978-3-642-19861-8_8 fatcat:kbp4nth3g5dapmc7drttdxfchy

SAFERPHP

Sooel Son, Vitaly Shmatikov
2011 Proceedings of the ACM SIGPLAN 6th Workshop on Programming Languages and Analysis for Security - PLAS '11  
as part of SAFERPHP, a framework for static security analysis of PHP applications.  ...  Web applications are vulnerable to semantic attacks such as denial of service due to infinite loops caused by malicious inputs and unauthorized database operations due to missing security checks.  ...  Security analysis of a PHP program starts with reading its MIR and ends with generating a summary of potential vulnerabilities.  ... 
doi:10.1145/2166956.2166964 dblp:conf/pldi/SonS11 fatcat:u5pvzalydnegtkwtcivddc4mje

RoleCast

Sooel Son, Kathryn S. McKinley, Vitaly Shmatikov
2011 Proceedings of the 2011 ACM international conference on Object oriented programming systems languages and applications - OOPSLA '11  
ROLECAST discovered 13 previously unreported, remotely exploitable vulnerabilities in 11 substantial PHP and JSP applications, with only 3 false positives.  ...  all programs.  ...  Acknowledgments The research described in this paper was partially supported by the NSF grants CNS-0746888, CNS-0905602, and SHF-0910818, a Google research award, and the MURI program under AFOSR Grant  ... 
doi:10.1145/2048066.2048146 dblp:conf/oopsla/SonMS11 fatcat:w2gwct5ryng77gborszbqptkva

RoleCast

Sooel Son, Kathryn S. McKinley, Vitaly Shmatikov
2011 SIGPLAN notices  
ROLECAST discovered 13 previously unreported, remotely exploitable vulnerabilities in 11 substantial PHP and JSP applications, with only 3 false positives.  ...  all programs.  ...  Acknowledgments The research described in this paper was partially supported by the NSF grants CNS-0746888, CNS-0905602, and SHF-0910818, a Google research award, and the MURI program under AFOSR Grant  ... 
doi:10.1145/2076021.2048146 fatcat:sho2vfdbujbhdabtb5shr6h5sq

KRust: A Formal Executable Semantics of Rust [article]

Feng Wang, Fu Song, Min Zhang, Xiaoran Zhu, Jun Zhang
2018 arXiv   pre-print
For formal analysis of Rust programs and helping programmers learn its new mechanisms and features, a formal semantics of Rust is desired and useful as a fundament for developing related tools.  ...  The executable semantics yields automatically a formal interpreter and verification tools for Rust programs.  ...  A long-term program is to develop an almost complete formal executable semantics for Rust and formally verify Rust programs using formal analysis tools turned from the semantics, towards which the work  ... 
arXiv:1804.10806v1 fatcat:havc5bqzlrf5djawb3tevaljaq

K-Java

Denis Bogdanas, Grigore Roşu
2015 Proceedings of the 42nd Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages - POPL '15  
Furthermore, the formal analysis tools facilitate formal reasoning for the given language semantics, which helps both in terms of applicability of the semantics and in terms of engineering the semantics  ...  Like the authors of the C and PHP semantics, and many others, we firmly believe that programming languages must have formal semantics.  ... 
doi:10.1145/2676726.2676982 dblp:conf/popl/BogdanasR15 fatcat:5bvcemr3dfddlgbggl5sdkltey

Securing web application code by static analysis and runtime protection

Yao-Wen Huang, Fang Yu, Christian Hang, Chung-Hung Tsai, Der-Tsai Lee, Sy-Yen Kuo
2004 Proceedings of the 13th conference on World Wide Web - WWW '04  
During the analysis, sections of code considered vulnerable are instrumented with runtime guards, thus securing Web applications in the absence of user intervention.  ...  Many verification tools are discovering previously unknown vulnerabilities in legacy C programs, raising hopes that the same success can be achieved with Web applications.  ...  We would also like to thank Dr. Bow-Yaw Wang for his useful suggestions.  ... 
doi:10.1145/988672.988679 dblp:conf/www/HuangYHTLK04 fatcat:rp336lsjajhgdgdhfvuqba27cu