Completeness of Abstract Domains for String Analysis of JavaScript Programs

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216224%3A14330%2F19%3A00116391" target="_blank" >RIV/00216224:14330/19:00116391 - isvavai.cz</a>

Výsledek na webu

<a href="http://dx.doi.org/10.1007/978-3-030-32505-3_15" target="_blank" >http://dx.doi.org/10.1007/978-3-030-32505-3_15</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.1007/978-3-030-32505-3_15" target="_blank" >10.1007/978-3-030-32505-3_15</a>

Jazyk výsledku

angličtina

Název v původním jazyce

Completeness of Abstract Domains for String Analysis of JavaScript Programs

Popis výsledku v původním jazyce

Completeness in abstract interpretation is a well-known property, which ensures that the abstract framework does not lose information during the abstraction process, with respect to the property of interest. Completeness has been never taken into account for existing string abstract domains, due to the fact that it is difficult to prove it formally. However, the effort is fully justified when dealing with string analysis, which is a key issue to guarantee security properties in many software systems, in particular for JavaScript programs where poorly managed string manipulating code often leads to significant security flaws. In this paper, we address completeness for the main JavaScript-specific string abstract domains, we provide suitable refinements of them, and we discuss the benefits of guaranteeing completeness in the context of abstract-interpretation based string analysis of dynamic languages.

Název v anglickém jazyce

Completeness of Abstract Domains for String Analysis of JavaScript Programs

Popis výsledku anglicky

Completeness in abstract interpretation is a well-known property, which ensures that the abstract framework does not lose information during the abstraction process, with respect to the property of interest. Completeness has been never taken into account for existing string abstract domains, due to the fact that it is difficult to prove it formally. However, the effort is fully justified when dealing with string analysis, which is a key issue to guarantee security properties in many software systems, in particular for JavaScript programs where poorly managed string manipulating code often leads to significant security flaws. In this paper, we address completeness for the main JavaScript-specific string abstract domains, we provide suitable refinements of them, and we discuss the benefits of guaranteeing completeness in the context of abstract-interpretation based string analysis of dynamic languages.

Druh

D - Stať ve sborníku

CEP obor

—

OECD FORD obor

10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)

Projekt

—

Návaznosti

I - Institucionalni podpora na dlouhodoby koncepcni rozvoj vyzkumne organizace

Rok uplatnění

2019

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název statě ve sborníku

Theoretical Aspects of Computing – ICTAC 2019

ISBN

9783030325046

ISSN

0302-9743

e-ISSN

1611-3349

Počet stran výsledku

18

Strana od-do

255-272

Název nakladatele

Springer

Místo vydání

Hammamet, Tunisia

Místo konání akce

Hammamet, Tunisia

Datum konání akce

1. 1. 2019

Typ akce podle státní příslušnosti

WRD - Celosvětová akce

Kód UT WoS článku

000582443200015