Paper published in a book (Scientific congresses, symposiums and conference proceedings)
Search-driven String Constraint Solving for Vulnerability Detection
Thome, Julian; Shar, Lwin Khin; Bianculli, Domenico et al.
2017In Proceedings of the 39th International Conference on Software Engineering (ICSE 2017)
Peer reviewed
 

Files


Full Text
icse2017.pdf
Author postprint (230.88 kB)
Download

All documents in ORBilu are protected by a user license.

Send to



Details



Keywords :
vulnerability detection; string constraint solving; search-based software engineering
Abstract :
[en] Constraint solving is an essential technique for detecting vulnerabilities in programs, since it can reason about input sanitization and validation operations performed on user inputs. However, real-world programs typically contain complex string operations that challenge vulnerability detection. State-of-the-art string constraint solvers support only a limited set of string operations and fail when they encounter an unsupported one; this leads to limited effectiveness in finding vulnerabilities. In this paper we propose a search-driven constraint solving technique that complements the support for complex string operations provided by any existing string constraint solver. Our technique uses a hybrid constraint solving procedure based on the Ant Colony Optimization meta-heuristic. The idea is to execute it as a fallback mechanism, only when a solver encounters a constraint containing an operation that it does not support. We have implemented the proposed search-driven constraint solving technique in the ACO-Solver tool, which we have evaluated in the context of injection and XSS vulnerability detection for Java Web applications. We have assessed the benefits and costs of combining the proposed technique with two state-of-the-art constraint solvers (Z3-str2 and CVC4). The experimental results, based on a benchmark with 104 constraints derived from nine realistic Web applications, show that our approach, when combined in a state-of-the-art solver, significantly improves the number of detected vulnerabilities (from 4.7% to 71.9% for Z3-str2, from 85.9% to 100.0% for CVC4), and solves several cases on which the solver fails when used stand-alone (46 more solved cases for Z3-str2, and 11 more for CVC4), while still keeping the execution time affordable in practice.
Research center :
Interdisciplinary Centre for Security, Reliability and Trust (SnT) > Software Verification and Validation Lab (SVV Lab)
Disciplines :
Computer science
Author, co-author :
Thome, Julian ;  University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
Shar, Lwin Khin ;  University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
Bianculli, Domenico  ;  University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
Briand, Lionel ;  University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
External co-authors :
no
Language :
English
Title :
Search-driven String Constraint Solving for Vulnerability Detection
Publication date :
May 2017
Event name :
39th International Conference on Software Engineering (ICSE 2017)
Event place :
Buenos Aires, Argentina
Event date :
May 20-28, 2017
Audience :
International
Main work title :
Proceedings of the 39th International Conference on Software Engineering (ICSE 2017)
Publisher :
ACM
Peer reviewed :
Peer reviewed
Focus Area :
Security, Reliability and Trust
FnR Project :
FNR9132112 - A Scalable And Accurate Hybrid Vulnerability Analysis Framework, 2014 (01/09/2014-14/04/2018) - Julian Thomé
Name of the research project :
R-STR-5011-00 > GR V&V > 01/01/2012 - 19/01/2048 > BRIAND Lionel
Funders :
FNR - Fonds National de la Recherche [LU]
Available on ORBilu :
since 13 December 2016

Statistics


Number of views
777 (80 by Unilu)
Number of downloads
1004 (54 by Unilu)

Scopus citations®
 
26
Scopus citations®
without self-citations
23

Bibliography


Similar publications



Contact ORBilu