String Analysis for Software Verification and Security
String Analysis for Software Verification and Security

Author: Tevfik Bultan

Publisher: Springer

Published: 2018-01-04

Total Pages: 177

ISBN-13: 3319686704

DOWNLOAD EBOOK

This book discusses automated string-analysis techniques, focusing particularly on automata-based static string analysis. It covers the following topics: automata-bases string analysis, computing pre and post-conditions of basic string operations using automata, symbolic representation of automata, forward and backward string analysis using symbolic automata representation, constraint-based string analysis, string constraint solvers, relational string analysis, vulnerability detection using string analysis, string abstractions, differential string analysis, and automated sanitization synthesis using string analysis. String manipulation is a crucial part of modern software systems; for example, it is used extensively in input validation and sanitization and in dynamic code and query generation. The goal of string-analysis techniques and this book is to determine the set of values that string expressions can take during program execution. String analysis can be used to solve many problems in modern software systems that relate to string manipulation, such as: (1) Identifying security vulnerabilities by checking if a security sensitive function can receive an input string that contains an exploit; (2) Identifying possible behaviors of a program by identifying possible values for dynamically generated code; (3) Identifying html generation errors by computing the html code generated by web applications; (4) Identifying the set of queries that are sent to back-end database by analyzing the code that generates the SQL queries; (5) Patching input validation and sanitization functions by automatically synthesizing repairs illustrated in this book. Like many other program-analysis problems, it is not possible to solve the string analysis problem precisely (i.e., it is not possible to precisely determine the set of string values that can reach a program point). However, one can compute over- or under-approximations of possible string values. If the approximations are precise enough, they can enable developers to demonstrate existence or absence of bugs in string manipulating code. String analysis has been an active research area in the last decade, resulting in a wide variety of string-analysis techniques. This book will primarily target researchers and professionals working in computer security, software verification, formal methods, software engineering and program analysis. Advanced level students or instructors teaching or studying courses in computer security, software verification or program analysis will find this book useful as a secondary text.

Challenges of Software Verification
Challenges of Software Verification

Author: Vincenzo Arceri

Publisher: Springer Nature

Published: 2023-09-04

Total Pages: 275

ISBN-13: 9811996016

DOWNLOAD EBOOK

This book provides an overview about the open challenges in software verification. Software verification is a branch of software engineering aiming at guaranteeing that software applications satisfy some requirements of interest. Over the years, the software verification community has proposed and considered several techniques: abstract interpretation, data-flow analysis, type systems, model checking are just a few examples. The theoretical advances have been always motivated by practical challenges that have led to an equal evolution of both these sides of software verification. Indeed, several verification tools have been proposed by the research community and any software application, in order to guarantee that certain software requirements are met, needs to integrate a verification phase in its life cycle, independently of the context of application or software size. This book is aimed at collecting contributions discussing recent advances in facing open challenges in software verification, relying on a broad spectrum of verification techniques. This book collects contributions ranging from theoretical to practical arguments, and it is aimed at both researchers in software verification and their practitioners.

Software Verification and Analysis
Software Verification and Analysis

Author: Janusz Laski

Publisher: Springer Science & Business Media

Published: 2009-04-29

Total Pages: 229

ISBN-13: 1848822405

DOWNLOAD EBOOK

“The situation is good, but not hopeless” (Polish folk wisdom) The text is devoted to the Software Analysis and Testing (SAT) methods and s- porting tools for assessing and, if possible, improving software quality, specifically its correctness. The term quality assurance is avoided for it is this author’s firm belief that in the current state of the art that goal is unattainable, a plethora of “gu- anteed” solutions to the problem notwithstanding. Therefore, the rather awkward phrase “improving correctness” is to be understood as an effort to minimize the number of residual programming faults (“bugs”) and their impact on the software’s behavior, that is, to make the faults tolerable. It is clear that such a minimalist approach is a result of frustration. Indeed, having spent years developing software and teaching (preaching?) “How to do it right,” I still do not know how to go about it with any degree of certainty! It appears then I probably should stop right now, for who with a modicum of common sense would reach for a text that does not offer salvation but (as will be seen) hard work and misery? If I intend to continue, it is only that I suspect there are many professionals out there who have similar doubts. And they are the intended audience of this project. The philosophical underpinning of the text is the importance of sound engine- ing practices in software development.

Secure Programming with Static Analysis
Secure Programming with Static Analysis

Author: Brian Chess

Publisher: Pearson Education

Published: 2007-06-29

Total Pages: 1101

ISBN-13: 0132702029

DOWNLOAD EBOOK

The First Expert Guide to Static Analysis for Software Security! Creating secure code requires more than just good intentions. Programmers need to know that their code will be safe in an almost infinite number of scenarios and configurations. Static source code analysis gives users the ability to review their work with a fine-toothed comb and uncover the kinds of errors that lead directly to security vulnerabilities. Now, there’s a complete guide to static analysis: how it works, how to integrate it into the software development processes, and how to make the most of it during security code review. Static analysis experts Brian Chess and Jacob West look at the most common types of security defects that occur today. They illustrate main points using Java and C code examples taken from real-world security incidents, showing how coding errors are exploited, how they could have been prevented, and how static analysis can rapidly uncover similar mistakes. This book is for everyone concerned with building more secure software: developers, security engineers, analysts, and testers.

Verification, Model Checking, and Abstract Interpretation
Verification, Model Checking, and Abstract Interpretation

Author: Bernd Finkbeiner

Publisher: Springer Nature

Published: 2022-01-13

Total Pages: 531

ISBN-13: 3030945839

DOWNLOAD EBOOK

This book constitutes the proceedings of the 23rd International Conference on Verification, Model Checking, and Abstract Interpretation, VMCAI 2022, which took place in Philadelphia, PA, USA, in January 2022. The 22 papers presented in this volume were carefully reviewed from 48 submissions. VMCAI provides a forum for researchers working on verification, model checking, and abstract interpretation and facilitates interaction, cross-fertilization, and advancement of hybrid methods that combine these and related areas.

Automatic Detection of Security Vulnerabilities in Source Code
Automatic Detection of Security Vulnerabilities in Source Code

Author: Xiaochun Yang

Publisher:

Published: 2010

Total Pages: 252

ISBN-13:

DOWNLOAD EBOOK

Growing security requirements for systems and applications have raised the stakes on software security verification techniques. Static analysis has been widely used to detect vulnerabilities at compile time. It takes advantage of the relevant information generated by the compiler and scales well to large code base. However, it is limited to check low-level security properties that syntactically match concrete program actions. Recently, model-checking is settling and showing great promise in the arena of software verification. Nevertheless, it suffers from abstraction issues for deriving a model of the program that can be model-checked. In this thesis, we present our security verification approach that brings into a synergy static analysis and model-checking. This synergy leverages the advantages of both techniques. We use the static analysis to automatically generate a concise abstraction of the program. On the other-hand, the model-checking provides the capability and flexibility of specifying and verifying a wide range of properties, and we also benefit from the exhaustive program analysis provided by model-checking.

The Art of Software Security Testing
The Art of Software Security Testing

Author: Chris Wysopal

Publisher: Pearson Education

Published: 2006-11-17

Total Pages: 332

ISBN-13: 0132715759

DOWNLOAD EBOOK

State-of-the-Art Software Security Testing: Expert, Up to Date, and Comprehensive The Art of Software Security Testing delivers in-depth, up-to-date, battle-tested techniques for anticipating and identifying software security problems before the “bad guys” do. Drawing on decades of experience in application and penetration testing, this book’s authors can help you transform your approach from mere “verification” to proactive “attack.” The authors begin by systematically reviewing the design and coding vulnerabilities that can arise in software, and offering realistic guidance in avoiding them. Next, they show you ways to customize software debugging tools to test the unique aspects of any program and then analyze the results to identify exploitable vulnerabilities. Coverage includes Tips on how to think the way software attackers think to strengthen your defense strategy Cost-effectively integrating security testing into your development lifecycle Using threat modeling to prioritize testing based on your top areas of risk Building testing labs for performing white-, grey-, and black-box software testing Choosing and using the right tools for each testing project Executing today’s leading attacks, from fault injection to buffer overflows Determining which flaws are most likely to be exploited by real-world attackers

Concise Guide to Software Verification
Concise Guide to Software Verification

Author: Marieke Huisman

Publisher: Springer Nature

Published: 2023-07-24

Total Pages: 251

ISBN-13: 3031301676

DOWNLOAD EBOOK

This textbook overviews the whole spectrum of formal methods and techniques that are aimed at verifying correctness of software, and how they can be used in practice. It focuses on techniques whereby the user has some control over the properties that are being checked. More specifically, it shows a wide range of techniques covering the whole spectrum: from abstract system design to implementation, from bug finding to full proofs, and from techniques that are push-button by design and give a yes/no answer to techniques that require the user to provide explicit guidance to steer the analysis process. Topics and features: Covers a broad spectrum of software verification techniques, from model checking to annotation checking Provides numerous examples to demonstrate the techniques Focuses on how techniques can be used (and the main ideas behind how they work), as opposed to how they are implemented Explains strengths and weaknesses of the techniques, providing insight into when to use which technique in practice This unique textbook has been written primarily for master’s level students in computer science studying embedded systems and specializing in software technology. The book will also be of interest for students studying cyber security and data science technology, as well as for system or software developers interested in techniques that offer formal guarantees about software.

Model Checking Software
Model Checking Software

Author: Fabrizio Biondi

Publisher: Springer Nature

Published: 2019-10-02

Total Pages: 269

ISBN-13: 3030309231

DOWNLOAD EBOOK

This book constitutes the refereed proceedings of the 26th International Symposium on Model Checking Software, SPIN 2019, held in Beijing, China, in July 2019. The 11 full papers presented and 2 demo-tool papers, were carefully reviewed and selected from 29 submissions. Topics covered include formal verification techniques for automated analysis of software; formal analysis for modeling languages, such as UML/state charts; formal specification languages, temporal logic, design-by-contract; model checking, automated theorem proving, including SAT and SMT; verifying compilers; abstraction and symbolic execution techniques; and much more.

Model Checking Software
Model Checking Software

Author: Klaus Havelund

Publisher: Springer Science & Business Media

Published: 2008-07-25

Total Pages: 352

ISBN-13: 3540851135

DOWNLOAD EBOOK

This book constitutes the refereed proceedings of the 15th International SPIN workshop on Model Checking Software, SPIN 2008, held in Los Angeles, CA, USA, in August 2008. The 17 revised full papers presented together with 1 tool paper and 4 invited talks were carefully reviewed and selected from 41 submissions. The main focus of the workshop series is software systems, including models and programs. The papers cover theoretical and algorithmic foundations as well as tools for software model checking and foster interactions and exchanges of ideas with related areas in software engineering, such as static analysis, dynamic analysis, and testing.