A Scalable and Accurate Hybrid Vulnerability Analysis Framework

Thome, Julian

Reference : A Scalable and Accurate Hybrid Vulnerability Analysis Framework


	Document type :	Dissertations and theses : Doctoral thesis
	Discipline(s) :	Engineering, computing & technology : Computer science
	Focus Areas :	Security, Reliability and Trust
	To cite this reference:	http://hdl.handle.net/10993/35504

Title :	A Scalable and Accurate Hybrid Vulnerability Analysis Framework
Language :	English
Author, co-author :	Thome, Julian [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
Publication date :	6-Apr-2018
Institution :	University of Luxembourg, Luxembourg
Name of the degree :	Docteur en Informatique
Supervisor :	Briand, Lionel
	Bianculli, Domenico
President of the jury :	Sabetzadeh, Mehrdad
Member of the jury :	Denaro, Giovanni
	Gorla, Alessandra
Keywords :	[en] vulnerability detection ; string constraint solving ; security auditing ; static analysis ; search-based software engineering
Abstract :	[en] As the Internet has become an integral part of our everyday life for activities such as e-mail, online-banking, shopping, entertainment, etc., vulnerabilities in Web software arguably have greater impact than vulnerabilities in other types of software. Vulnerabilities in Web applications may lead to serious issues such as disclosure of confidential data, integrity violation, denial of service, loss of commercial confidence/customer trust, and threats to the continuity of business operations. For companies these issues can result in significant financial losses. The most common and serious threats for Web applications include injection vulnerabilities, where malicious input can be “injected” into the program to alter its intended behavior or the one of another system. These vulnerabilities can cause serious damage to a system and its users. For example, an attacker could compromise the systems underlying the application or gain access to a database containing sensitive information. The goal of this thesis is to provide a scalable approach, based on symbolic execution and constraint solving, which aims to effectively find injection vulnerabilities in the server-side code of Java Web applications and which generates no or few false alarms, minimizes false negatives, overcomes the path explosion problem and enables the solving of complex constraints.
Research centres :	Interdisciplinary Centre for Security, Reliability and Trust (SnT) > Software Verification and Validation Lab (SVV Lab)
Funders :	Fonds National de la Recherche - FnR
Target :	Researchers ; Professionals ; Students
Permalink :	http://hdl.handle.net/10993/35504
FnR project :	FnR ; FNR9132112 > Julian Thomé > HyVAn > A Scalable and Accurate Hybrid Vulnerability Analysis Framework > 01/09/2014 > 14/04/2018 > 2014

File(s) associated to this reference

Fulltext file(s):

	File	Commentary	Version	Size	Access
Open access	Thesis_JulianThome2018.pdf		Author postprint	1.26 MB	View/Open

All documents in ORBi^lu are protected by a user license.

University of Luxembourg Library | Feedback | Legal notices