Completeness of Abstract Domains for String Analysis of
JavaScript Programs

D 2019

Completeness of Abstract Domains for String Analysis of JavaScript Programs

ARCERI, Vincenzo, Martina OLLIARO, Agostino CORTESI a Isabella MASTROENI

Základní údaje

Originální název

Completeness of Abstract Domains for String Analysis of JavaScript Programs

Autoři

ARCERI, Vincenzo (380 Itálie), Martina OLLIARO (380 Itálie, garant, domácí), Agostino CORTESI (380 Itálie) a Isabella MASTROENI (380 Itálie)

Vydání

Hammamet, Tunisia, Theoretical Aspects of Computing – ICTAC 2019, od s. 255-272, 18 s. 2019

Nakladatel

Springer

Další údaje

Jazyk

angličtina

Typ výsledku

Stať ve sborníku

Obor

10201 Computer sciences, information science, bioinformatics

Stát vydavatele

Švýcarsko

Utajení

není předmětem státního či obchodního tajemství

Forma vydání

tištěná verze "print"

Impakt faktor

Impact factor: 0.402 v roce 2005

Kód RIV

RIV/00216224:14330/19:00116391

Organizační jednotka

Fakulta informatiky

ISBN

978-3-030-32504-6

ISSN

DOI

http://dx.doi.org/10.1007/978-3-030-32505-3_15

UT WoS

000582443200015

Klíčová slova anglicky

string abstract domains; abstract interpretation completeness; string analysis

Štítky

core_B, firank_B

Příznaky

Mezinárodní význam

Změněno: 29. 3. 2021 15:41, RNDr. Pavel Šmerk, Ph.D.

Anotace

V originále

Completeness in abstract interpretation is a well-known property, which ensures that the abstract framework does not lose information during the abstraction process, with respect to the property of interest. Completeness has been never taken into account for existing string abstract domains, due to the fact that it is difficult to prove it formally. However, the effort is fully justified when dealing with string analysis, which is a key issue to guarantee security properties in many software systems, in particular for JavaScript programs where poorly managed string manipulating code often leads to significant security flaws. In this paper, we address completeness for the main JavaScript-specific string abstract domains, we provide suitable refinements of them, and we discuss the benefits of guaranteeing completeness in the context of abstract-interpretation based string analysis of dynamic languages.

Citovat

ARCERI, Vincenzo, Martina OLLIARO, Agostino CORTESI a Isabella MASTROENI. Completeness of Abstract Domains for String Analysis of JavaScript Programs. In Robert M. Hierons, Mohamed Mosbah. CORTESI, Agostino a Isabella MASTROENI. Theoretical Aspects of Computing – ICTAC 2019. Hammamet, Tunisia: Springer, 2019, s. 255-272. ISBN 978-3-030-32504-6. Dostupné z: https://dx.doi.org/10.1007/978-3-030-32505-3_15.

@inproceedings{1678177,
   author = {Arceri, Vincenzo and Olliaro, Martina and Cortesi, Agostino and Mastroeni, Isabella and Cortesi, Agostino and Mastroeni, Isabella},
   address = {Hammamet, Tunisia},
   booktitle = {Theoretical Aspects of Computing – ICTAC 2019},
   doi = {http://dx.doi.org/10.1007/978-3-030-32505-3_15},
   editor = {Robert M. Hierons, Mohamed Mosbah},
   keywords = {string abstract domains; abstract interpretation completeness; string analysis},
   howpublished = {tištěná verze "print"},
   language = {eng},
   location = {Hammamet, Tunisia},
   isbn = {978-3-030-32504-6},
   pages = {255-272},
   publisher = {Springer},
   title = {Completeness of Abstract Domains for String Analysis of JavaScript Programs},
   year = {2019}
}

TY  - JOUR
ID  - 1678177
AU  - Arceri, Vincenzo - Olliaro, Martina - Cortesi, Agostino - Mastroeni, Isabella - Cortesi, Agostino - Mastroeni, Isabella
PY  - 2019
TI  - Completeness of Abstract Domains for String Analysis of JavaScript Programs
PB  - Springer
CY  - Hammamet, Tunisia
SN  - 9783030325046
KW  - string abstract domains
KW  - abstract interpretation completeness
KW  - string analysis
N2  - Completeness in abstract interpretation is a well-known property, which ensures that the abstract framework does not lose information during the abstraction process, with respect to the property of interest. Completeness has been never taken into account for existing string abstract domains, due to the fact that it is difficult to prove it formally. However, the effort is fully justified when dealing with string analysis, which is a key issue to guarantee security properties in many software systems, in particular for JavaScript programs where poorly managed string manipulating code often leads to significant security flaws. In this paper, we address completeness for the main JavaScript-specific string abstract domains, we provide suitable refinements of them, and we discuss the benefits of guaranteeing completeness in the context of abstract-interpretation based string analysis of dynamic languages.
ER  -

ARCERI, Vincenzo, Martina OLLIARO, Agostino CORTESI a Isabella MASTROENI. Completeness of Abstract Domains for String Analysis of JavaScript Programs. In Robert M. Hierons, Mohamed Mosbah. CORTESI, Agostino a Isabella MASTROENI. \textit{Theoretical Aspects of Computing – ICTAC 2019}. Hammamet, Tunisia: Springer, 2019, s.~255-272. ISBN~978-3-030-32504-6. Dostupné z: https://dx.doi.org/10.1007/978-3-030-32505-3\_{}15.

Podrobný výpis o publikaci