verification of string manipulating programs
play

Verification of String Manipulating Programs Fang Yu Software - PowerPoint PPT Presentation

Feb 26, 2024 •227 likes •1.62k views

Introduction Automata Manipulations Symbolic String Vulnerability Analysis Composite String Analysis Implementation and Summary Verification of String Manipulating Programs Fang Yu Software Security Lab. Department of Management Information

  1. Web Software Introduction Security Issues Automata Manipulations Vulnerabilities Symbolic String Vulnerability Analysis Detection Composite String Analysis Removal Implementation and Summary Overview XSS Attack An attacker may provide an input that contains < script and execute the malicious script. l 1: < ?php l 2: $www = < script ... > ; l 3: $l otherinfo = ”URL”; l 4: echo ” < td > ” . $l otherinfo . ”: ” . < script ... > . ” < /td > ”; l 5:? > 21 / 138

  2. Web Software Introduction Security Issues Automata Manipulations Vulnerabilities Symbolic String Vulnerability Analysis Detection Composite String Analysis Removal Implementation and Summary Overview Is it Vulnerable? A simple taint analysis, e.g., [Huang et al. WWW04], would report this segment as vulnerable using taint propagation . l 1: < ?php l 2: $www = $ GET[”www”]; l 3: $l otherinfo = ”URL”; l 4: echo ” < td > ” . $l otherinfo . ”: ” .$www. ” < /td > ”; l 5:? > 22 / 138

  3. Web Software Introduction Security Issues Automata Manipulations Vulnerabilities Symbolic String Vulnerability Analysis Detection Composite String Analysis Removal Implementation and Summary Overview Is it Vulnerable? Add a sanitization routine at line s. l 1: < ?php l 2: $www = $ GET[”www”]; l 3: $l otherinfo = ”URL”; l s: $www = ereg replace(”[ ∧ A-Za-z0-9 .-@://]”,””,$www); l 4: echo ” < td > ” . $l otherinfo . ”: ” . $www . ” < /td > ”; l 5:? > • Taint analysis will assume that $www is untainted after the routine, and conclude that the segment is not vulnerable. 23 / 138

  4. Web Software Introduction Security Issues Automata Manipulations Vulnerabilities Symbolic String Vulnerability Analysis Detection Composite String Analysis Removal Implementation and Summary Overview Sanitization Routines are Erroneous However, ereg replace(”[ ∧ A-Za-z0-9 .-@://]”,””,$www); does not sanitize the input properly. • Removes all characters that are not in { A-Za-z0-9 .-@:/ } . • .-@ denotes all characters between ”.” and ”@” (including ” < ” and ” > ”) • ”.-@” should be ”. \ -@” 24 / 138

  5. Web Software Introduction Security Issues Automata Manipulations Vulnerabilities Symbolic String Vulnerability Analysis Detection Composite String Analysis Removal Implementation and Summary Overview A buggy sanitization routine l 1: < ?php l 2: $www = < script ... > ; l 3: $l otherinfo = ”URL”; l s: $www = ereg replace(”[ ∧ A-Za-z0-9 .-@://]”,””, $www); l 4: echo ” < td > ” . $l otherinfo . ”: ” . < script ... > . ” < /td > ”; l 5:? > • A buggy sanitization routine used in MyEasyMarket-4.1 that causes a vulnerable point at line 218 in trans.php [Balzarotti et al., S&P’08] • Our string analysis identifies that the segment is vulnerable with respect to the attack pattern: Σ ∗ < scriptΣ ∗ . 25 / 138

  6. Web Software Introduction Security Issues Automata Manipulations Vulnerabilities Symbolic String Vulnerability Analysis Detection Composite String Analysis Removal Implementation and Summary Overview Eliminate Vulnerabilities Input < !sc+rip!t ... > does not match the attack pattern Σ ∗ < scriptΣ ∗ , but still can cause an attack l 1: < ?php l 2: $www = < !sc+rip!t ... > ; l 3: $l otherinfo = ”URL”; l s: $www = ereg replace(”[ ∧ A-Za-z0-9 .-@://]”,””, < !sc+rip!t ... > ); l 4: echo ” < td > ” . $l otherinfo . ”: ” . < script ... > . ” < /td > ”; l 5:? > 26 / 138

  7. Web Software Introduction Security Issues Automata Manipulations Vulnerabilities Symbolic String Vulnerability Analysis Detection Composite String Analysis Removal Implementation and Summary Overview Eliminate Vulnerabilities • We generate vulnerability signature that characterizes all malicious inputs that may generate attacks (with respect to the attack pattern) • The vulnerability signature for $ GET[”www”] is Σ ∗ < α ∗ s α ∗ c α ∗ r α ∗ i α ∗ p α ∗ t Σ ∗ , where α �∈ { A-Za-z0-9 .-@:/ } and Σ is any ASCII character • Any string accepted by this signature can cause an attack • Any string that dose not match this signature will not cause an attack. I.e., one can filter out all malicious inputs using our signature 27 / 138

  8. Web Software Introduction Security Issues Automata Manipulations Vulnerabilities Symbolic String Vulnerability Analysis Detection Composite String Analysis Removal Implementation and Summary Overview Prove the Absence of Vulnerabilities Fix the buggy routine by inserting the escape character \ . l 1: < ?php l 2: $www = $ GET[”www”]; l 3: $l otherinfo = ”URL”; l s’: $www = ereg replace(”[ ∧ A-Za-z0-9 . \ -@://]”,””,$www); l 4: echo ” < td > ” . $l otherinfo . ”: ” . $www . ” < /td > ”; l 5:? > Using our approach, this segment is proven not to be vulnerable against the XSS attack pattern: Σ ∗ < scriptΣ ∗ . 28 / 138

  9. Web Software Introduction Security Issues Automata Manipulations Vulnerabilities Symbolic String Vulnerability Analysis Detection Composite String Analysis Removal Implementation and Summary Overview Multiple Inputs? Things can be more complicated while there are multiple inputs. l 1: < ?php l 2: $www = $ GET[”www”]; l 3: $l otherinfo = $ GET[”other”]; l 4: echo ” < td > ” . $l otherinfo . ”: ” . $www . ” < /td > ”; l 5:? > • An attack string can be contributed from one input, another input, or their combination • We can generate relational vulnerability signatures and automatically synthesize effective patches. 29 / 138

  10. Web Software Introduction Security Issues Automata Manipulations Vulnerabilities Symbolic String Vulnerability Analysis Detection Composite String Analysis Removal Implementation and Summary Overview String Analysis • String analysis determines all possible values that a string expression can take during any program execution • Using string analysis we can identify all possible input values of the sensitive functions. Then we can check if inputs of sensitive functions can contain attack strings • If string analysis determines that the intersection of the attack pattern and possible inputs of the sensitive function is empty. Then we can conclude that the program is secure • If the intersection is not empty, then we can again use string analysis to generate a vulnerability signature that characterizes all malicious inputs 30 / 138

  11. Web Software Introduction Security Issues Automata Manipulations Vulnerabilities Symbolic String Vulnerability Analysis Detection Composite String Analysis Removal Implementation and Summary Overview Automata-based String Analysis • Finite State Automata can be used to characterize sets of string values • We use automata based string analysis • Associate each string expression in the program with an automaton • The automaton accepts an over approximation of all possible values that the string expression can take during program execution • Using this automata representation we symbolically execute the program, only paying attention to string manipulation operations • Attack patterns are specified as regular expressions 31 / 138

  12. Web Software Introduction Security Issues Automata Manipulations Vulnerabilities Symbolic String Vulnerability Analysis Detection Composite String Analysis Removal Implementation and Summary Overview String Analysis Stages 32 / 138

  13. Web Software Introduction Security Issues Automata Manipulations Vulnerabilities Symbolic String Vulnerability Analysis Detection Composite String Analysis Removal Implementation and Summary Overview Automata-based Analyses We present an automata-based approach for automatic verification of string manipulating programs. Given a program that manipulates strings, we verify assertions about string variables. • Symbolic String Vulnerability Analysis • Relational String Analysis • Composite String Analysis 33 / 138

  14. Web Software Introduction Security Issues Automata Manipulations Vulnerabilities Symbolic String Vulnerability Analysis Detection Composite String Analysis Removal Implementation and Summary Overview Challenges • Precision: Need to deal with sanitization routines having decent PHP functions, e.g., ereg replacement . • Complexity: Need to face the fact that the problem itself is undecidable. The fixed point may not exist and even if it exists the computation itself may not converge. • Performance: Need to perform efficient automata manipulations in terms of both time and memory. 34 / 138

  15. Web Software Introduction Security Issues Automata Manipulations Vulnerabilities Symbolic String Vulnerability Analysis Detection Composite String Analysis Removal Implementation and Summary Overview Features of Our Approach We propose: • A Language-based Replacement: to model decent string operations in PHP programs. • An Automata Widening Operator: to accelerate fixed point computation. • A Symbolic Encoding: using Multi-terminal Binary Decision Diagrams (MBDDs) from MONA DFA packages. 35 / 138

  16. Introduction Language Replacement Automata Manipulations Language Concatenation Symbolic String Vulnerability Analysis Widening Automata Composite String Analysis Symbolic Encoding Implementation and Summary A Language-based Replacement M = replace ( M 1 , M 2 , M 3 ) • M 1 , M 2 , and M 3 are DFAs. • M 1 accepts the set of original strings, • M 2 accepts the set of match strings, and • M 3 accepts the set of replacement strings • Let s ∈ L ( M 1), x ∈ L ( M 2), and c ∈ L ( M 3): • Replaces all parts of any s that match any x with any c . • Outputs a DFA that accepts the result to M . 36 / 138

  17. Introduction Language Replacement Automata Manipulations Language Concatenation Symbolic String Vulnerability Analysis Widening Automata Composite String Analysis Symbolic Encoding Implementation and Summary M = replace ( M 1 , M 2 , M 3 ) Some examples: L ( M 1 ) L ( M 2 ) L ( M 3 ) L ( M ) { baaabaa } { aa } { c } a + { baaabaa } ǫ a + b { baaabaa } { c } a + { baaabaa } { c } ba + b a + { c } 37 / 138

  18. Introduction Language Replacement Automata Manipulations Language Concatenation Symbolic String Vulnerability Analysis Widening Automata Composite String Analysis Symbolic Encoding Implementation and Summary M = replace ( M 1 , M 2 , M 3 ) Some examples: L ( M 1 ) L ( M 2 ) L ( M 3 ) L ( M ) { baaabaa } { aa } { c } { bacbc, bcabc } a + { baaabaa } ǫ a + b { baaabaa } { c } a + { baaabaa } { c } ba + b a + { c } 38 / 138

  19. Introduction Language Replacement Automata Manipulations Language Concatenation Symbolic String Vulnerability Analysis Widening Automata Composite String Analysis Symbolic Encoding Implementation and Summary M = replace ( M 1 , M 2 , M 3 ) Some examples: L ( M 1 ) L ( M 2 ) L ( M 3 ) L ( M ) { baaabaa } { aa } { c } { bacbc, bcabc } a + { baaabaa } { bb } ǫ a + b { baaabaa } { c } a + { baaabaa } { c } ba + b a + { c } 39 / 138

  20. Introduction Language Replacement Automata Manipulations Language Concatenation Symbolic String Vulnerability Analysis Widening Automata Composite String Analysis Symbolic Encoding Implementation and Summary M = replace ( M 1 , M 2 , M 3 ) Some examples: L ( M 1 ) L ( M 2 ) L ( M 3 ) L ( M ) { baaabaa } { aa } { c } { bacbc, bcabc } a + { baaabaa } { bb } ǫ a + b { baaabaa } { c } { baacaa, bacaa, bcaa } a + { baaabaa } { c } ba + b a + { c } 40 / 138

  21. Introduction Language Replacement Automata Manipulations Language Concatenation Symbolic String Vulnerability Analysis Widening Automata Composite String Analysis Symbolic Encoding Implementation and Summary M = replace ( M 1 , M 2 , M 3 ) Some examples: L ( M 1 ) L ( M 2 ) L ( M 3 ) L ( M ) { baaabaa } { aa } { c } { bacbc, bcabc } a + { baaabaa } ǫ { bb } a + b { baaabaa } { c } { baacaa, bacaa, bcaa } a + { baaabaa } { c } { bcccbcc, bcccbc, bccbcc, bccbc, bcbcc, bcbc } ba + b a + { c } 41 / 138

  22. Introduction Language Replacement Automata Manipulations Language Concatenation Symbolic String Vulnerability Analysis Widening Automata Composite String Analysis Symbolic Encoding Implementation and Summary M = replace ( M 1 , M 2 , M 3 ) Some examples: L ( M 1 ) L ( M 2 ) L ( M 3 ) L ( M ) { baaabaa } { aa } { c } { bacbc, bcabc } a + { baaabaa } ǫ { bb } a + b { baaabaa } { c } { baacaa, bacaa, bcaa } a + { baaabaa } { c } { bcccbcc, bcccbc, bccbcc, bccbc, bcbcc, bcbc } ba + b a + bc + b { c } 42 / 138

  23. Introduction Language Replacement Automata Manipulations Language Concatenation Symbolic String Vulnerability Analysis Widening Automata Composite String Analysis Symbolic Encoding Implementation and Summary M = replace ( M 1 , M 2 , M 3 ) • An over approximation with respect to the leftmost/longest(first) constraints • Many string functions in PHP can be converted to this form: • h tmlspecialchars, t olower, t oupper, s tr replace, t rim, and • p reg replace and e reg replace that have regular expressions as their arguments. 43 / 138

  24. Introduction Language Replacement Automata Manipulations Language Concatenation Symbolic String Vulnerability Analysis Widening Automata Composite String Analysis Symbolic Encoding Implementation and Summary A Language-based Replacement Implementation of replace ( M 1 , M 2 , M 3 ): • Mark matching sub-strings • Insert marks to M 1 • Insert marks to M 2 • Replace matching sub-strings • Identify marked paths • Insert replacement automata In the following, we use two marks: < and > (not in Σ), and a duplicate set of alphabet: Σ ′ = { α ′ | α ∈ Σ } . We use an example to illustrate our approach. 44 / 138

  25. Introduction Language Replacement Automata Manipulations Language Concatenation Symbolic String Vulnerability Analysis Widening Automata Composite String Analysis Symbolic Encoding Implementation and Summary An Example Construct M = replace ( M 1 , M 2 , M 3 ). • L ( M 1 ) = { baab } • L ( M 2 ) = a + = { a , aa , aaa , . . . } • L ( M 3 ) = { c } 45 / 138

  26. Introduction Language Replacement Automata Manipulations Language Concatenation Symbolic String Vulnerability Analysis Widening Automata Composite String Analysis Symbolic Encoding Implementation and Summary Step 1 Construct M ′ 1 from M 1 : • Duplicate M 1 using Σ ′ • Connect the original and duplicated states with < and > 1 accepts b < a ′ a ′ > b , b < a ′ > ab . For instance, M ′ 46 / 138

  27. Introduction Language Replacement Automata Manipulations Language Concatenation Symbolic String Vulnerability Analysis Widening Automata Composite String Analysis Symbolic Encoding Implementation and Summary Step 2 Construct M ′ 2 from M 2 : • Construct M ¯ 2 that accepts strings do not contain any substring in L ( M 2 ). (a) • Duplicate M 2 using Σ ′ . (b) • Connect (a) and (b) with marks. (c) 2 accepts b < a ′ a ′ > b , b < a ′ > bc < a ′ > . For instance, M ′ (a) (b) (c) 47 / 138

  28. Introduction Language Replacement Automata Manipulations Language Concatenation Symbolic String Vulnerability Analysis Widening Automata Composite String Analysis Symbolic Encoding Implementation and Summary Step 3 Intersect M ′ 1 and M ′ 2 . • The matched substrings are marked in Σ ′ . • Identify ( s , s ′ ), so that s → < . . . → > s ′ . In the example, we idenitfy three pairs:(i,j), (i,k), (j,k). 48 / 138

  29. Introduction Language Replacement Automata Manipulations Language Concatenation Symbolic String Vulnerability Analysis Widening Automata Composite String Analysis Symbolic Encoding Implementation and Summary Step 4 Construct M : • Insert M 3 for each identified pair. (d) • Determinize and minimize the result. (e) L ( M ) = { bcb , bccb } . (d) (e) 49 / 138

  30. Introduction Language Replacement Automata Manipulations Language Concatenation Symbolic String Vulnerability Analysis Widening Automata Composite String Analysis Symbolic Encoding Implementation and Summary Quiz 1 Compute M = replace ( M 1 , M 2 , M 3 ), where L( M 1 ) = { baabc } , L( M 2 )= a + b , L( M 3 ) = { c } . 50 / 138

  31. Introduction Language Replacement Automata Manipulations Language Concatenation Symbolic String Vulnerability Analysis Widening Automata Composite String Analysis Symbolic Encoding Implementation and Summary Concatenation We introduce concatenation transducers to specify the relation X = YZ . • A concatenation transducer is a 3-track DFA M over the alphabet Σ × (Σ ∪ { λ } ) × (Σ ∪ { λ } ), where λ �∈ Σ is a special symbol for padding. • ∀ w ∈ L ( M ), w [1] = w ′ [2] . w ′ [3] • w [ i ] (1 ≤ i ≤ 3) to denote the i th track of w ∈ Σ 3 • w ′ [2] ∈ Σ ∗ is the λ -free prefix of w [2] and • w ′ [3] ∈ Σ ∗ is the λ -free suffix of w [3] 51 / 138

  32. Introduction Language Replacement Automata Manipulations Language Concatenation Symbolic String Vulnerability Analysis Widening Automata Composite String Analysis Symbolic Encoding Implementation and Summary Suffix Consider X = ( ab ) + . Z Assume L ( M X ) = { ab , abc } . What are the values of Z ? • We first build the transducer M for X = ( ab ) + Z • We intersect M with M X on the first track • The result is the third track of the intersection, i.e., { ǫ, c } . 52 / 138

  33. Introduction Language Replacement Automata Manipulations Language Concatenation Symbolic String Vulnerability Analysis Widening Automata Composite String Analysis Symbolic Encoding Implementation and Summary Prefix Consider X = Y . ( ab ) + . Assume L ( M X ) = { ab , cab } . What are the values of Y ? • We first build the transducer M for X = Y . ( ab ) + • We intersect M with M X on the first track • The result is the second track of the intersection, i.e., { ǫ, c } . 53 / 138

  34. Introduction Language Replacement Automata Manipulations Language Concatenation Symbolic String Vulnerability Analysis Widening Automata Composite String Analysis Symbolic Encoding Implementation and Summary Quiz 2 What is the concatenation transducer for the general case X=YZ, i.e., X, Y, Z ∈ Σ ∗ ? 54 / 138

  35. Introduction Language Replacement Automata Manipulations Language Concatenation Symbolic String Vulnerability Analysis Widening Automata Composite String Analysis Symbolic Encoding Implementation and Summary Widening Automata: M ∇ M ′ Compute an automaton so that L ( M ∇ M ′ ) ⊇ L ( M ) ∪ L ( M ′ ). We can use widening to accelerate the fixpoint computation. 55 / 138

  36. Introduction Language Replacement Automata Manipulations Language Concatenation Symbolic String Vulnerability Analysis Widening Automata Composite String Analysis Symbolic Encoding Implementation and Summary Widening Automata: M ∇ M ′ Here we introduce one widening operator originally proposed by Bartzis and Bultan [CAV04]. Intuitively, • Identify equivalence classes, and • Merge states in an equivalence class • L ( M ∇ M ′ ) ⊇ L ( M ) ∪ L ( M ′ ) 56 / 138

  37. Introduction Language Replacement Automata Manipulations Language Concatenation Symbolic String Vulnerability Analysis Widening Automata Composite String Analysis Symbolic Encoding Implementation and Summary State Equivalence q , q ′ are equivalent if one of the following condition holds: • ∀ w ∈ Σ ∗ , w is accepted by M from q then w is accepted by M ′ from q ′ , and vice versa. • ∃ w ∈ Σ ∗ , M reaches state q and M ′ reaches state q ′ after consuming w from its initial state respectively. • ∃ q ”, q and q ” are equivalent, and q ′ and q ”are equivalent. 57 / 138

  38. Introduction Language Replacement Automata Manipulations Language Concatenation Symbolic String Vulnerability Analysis Widening Automata Composite String Analysis Symbolic Encoding Implementation and Summary An Example for M ∇ M ′ • L ( M ) = { ǫ, ab } and L ( M ′ ) = { ǫ, ab , abab } . • The set of equivalence classes: C = { q ′′ 0 , q ′′ 1 } , where q ′′ 0 = { q 0 , q ′ 0 , q 2 , q ′ 2 , q ′ 4 } and q ′′ 1 = { q 1 , q ′ 1 , q ′ 3 } . (b) M ′ (c) M ∇ M ′ (a) M Figure: Widening automata 58 / 138

  39. Introduction Language Replacement Automata Manipulations Language Concatenation Symbolic String Vulnerability Analysis Widening Automata Composite String Analysis Symbolic Encoding Implementation and Summary Quiz 3 Compute M ∇ M ′ , where L ( M ) = { a , ab , ac } and L ( M ′ ) = { a , ab , ac , abc , acc } . 59 / 138

  40. Introduction Language Replacement Automata Manipulations Language Concatenation Symbolic String Vulnerability Analysis Widening Automata Composite String Analysis Symbolic Encoding Implementation and Summary A Fixed Point Computation Recall that we want to compute the least fixpoint that corresponds to the reachable values of string expressions. • The fixpoint computation will compute a sequence M 0 , M 1 , ..., M i , ..., where M 0 = I and M i = M i − 1 ∪ post ( M i − 1 ) 60 / 138

  41. Introduction Language Replacement Automata Manipulations Language Concatenation Symbolic String Vulnerability Analysis Widening Automata Composite String Analysis Symbolic Encoding Implementation and Summary A Fixed Point Computation Consider a simple example: • Start from an empty string and concatenate ab at each iteration • The exact computation sequence M 0 , M 1 , ..., M i , ... will never converge, where L ( M 0 ) = { ǫ } and L ( M i ) = { ( ab ) k | 1 ≤ k ≤ i } ∪ { ǫ } . 61 / 138

  42. Introduction Language Replacement Automata Manipulations Language Concatenation Symbolic String Vulnerability Analysis Widening Automata Composite String Analysis Symbolic Encoding Implementation and Summary Accelerate The Fixed Point Computation Use the widening operator ∇ . • Compute an over-approximate sequence instead: M ′ 0 , M ′ 1 , ..., M ′ i , ... • M ′ 0 = M 0 , and for i > 0, M ′ i = M ′ i − 1 ∇ ( M ′ i − 1 ∪ post ( M ′ i − 1 )). An over-approximate sequence for the simple example: (a) M ′ (b) M ′ (c) M ′ (d) M ′ 0 1 2 3 62 / 138

  43. Introduction Language Replacement Automata Manipulations Language Concatenation Symbolic String Vulnerability Analysis Widening Automata Composite String Analysis Symbolic Encoding Implementation and Summary Automata Representation A DFA Accepting [A-Za-z0-9]* (ASC II). (a) Explicit Representation (b) Symbolic Representation 63 / 138

  44. Introduction Language Replacement Automata Manipulations Language Concatenation Symbolic String Vulnerability Analysis Widening Automata Composite String Analysis Symbolic Encoding Implementation and Summary Another Automata Example 64 / 138

  45. Introduction Vulnerability Analysis Automata Manipulations Signature Generation Symbolic String Vulnerability Analysis Sanitization Generation Composite String Analysis Relational String Analysis Implementation and Summary Automatic Verification of String Manipulating Programs • Symbolic String Vulnerability Analysis • Relational String Analysis • Composite String Analysis 65 / 138

  46. Introduction Vulnerability Analysis Automata Manipulations Signature Generation Symbolic String Vulnerability Analysis Sanitization Generation Composite String Analysis Relational String Analysis Implementation and Summary Symbolic String Vulnerability Analysis Given a program, types of sensitive functions, and an attack pattern, we say • A program is vulnerable if a sensitive function at some program point can take a string that matches the attack pattern as its input • A program is not vulnerable (with respect to the attack pattern) if no such functions exist in the program 66 / 138

  47. Introduction Vulnerability Analysis Automata Manipulations Signature Generation Symbolic String Vulnerability Analysis Sanitization Generation Composite String Analysis Relational String Analysis Implementation and Summary String Analysis Stages 67 / 138

  48. Introduction Vulnerability Analysis Automata Manipulations Signature Generation Symbolic String Vulnerability Analysis Sanitization Generation Composite String Analysis Relational String Analysis Implementation and Summary Front End Consider the following segment. l < ?php l 1: $www = $ GET[”www”]; l 2: $url = ”URL:”; l 3: $www = preg replace(”[ ∧ A-Z.-@]”,””,$www); l 4: echo $url. $www; l ? > 68 / 138

  49. Introduction Vulnerability Analysis Automata Manipulations Signature Generation Symbolic String Vulnerability Analysis Sanitization Generation Composite String Analysis Relational String Analysis Implementation and Summary Front End A dependency graph specifies how the values of input nodes flow to a sink node (i.e., a sensitive function) NEXT: Compute all possible values of a sink node 69 / 138

  50. Introduction Vulnerability Analysis Automata Manipulations Signature Generation Symbolic String Vulnerability Analysis Sanitization Generation Composite String Analysis Relational String Analysis Implementation and Summary Detecting Vulnerabilities • Associates each node with an automaton that accepts an over approximation of its possible values • Uses automata-based forward symbolic analysis to identify the possible values of each node • Uses post -image computations of string operations: • postConcat( M 1 , M 2 ) returns M , where M = M 1 . M 2 • postReplace( M 1 , M 2 , M 3 ) returns M , where M = replace ( M 1 , M 2 , M 3 ) 70 / 138

  51. Introduction Vulnerability Analysis Automata Manipulations Signature Generation Symbolic String Vulnerability Analysis Sanitization Generation Composite String Analysis Relational String Analysis Implementation and Summary Forward Analysis • Allows arbitrary values, i.e., Σ ∗ , from user inputs • Propagates post-images to next nodes iteratively until a fixed point is reached 71 / 138

  52. Introduction Vulnerability Analysis Automata Manipulations Signature Generation Symbolic String Vulnerability Analysis Sanitization Generation Composite String Analysis Relational String Analysis Implementation and Summary Forward Analysis • At the first iteration, for the replace node, we call postReplace( Σ ∗ , Σ \ { A − Z . − @ } , "") 72 / 138

  53. Introduction Vulnerability Analysis Automata Manipulations Signature Generation Symbolic String Vulnerability Analysis Sanitization Generation Composite String Analysis Relational String Analysis Implementation and Summary Forward Analysis • At the second iteration, we call postConcat("URL:", { A − Z . − @ } ∗ ) 73 / 138

  54. Introduction Vulnerability Analysis Automata Manipulations Signature Generation Symbolic String Vulnerability Analysis Sanitization Generation Composite String Analysis Relational String Analysis Implementation and Summary Forward Analysis • The third iteration is a simple assignment • After the third iteration, we reach a fixed point NEXT: Is it vulnerable? 74 / 138

  55. Introduction Vulnerability Analysis Automata Manipulations Signature Generation Symbolic String Vulnerability Analysis Sanitization Generation Composite String Analysis Relational String Analysis Implementation and Summary Detecting Vulnerabilities • We know all possible values of the sink node (echo) • Given an attack pattern, e.g., (Σ \ < ) ∗ < Σ ∗ , if the intersection is not an empty set, the program is vulnerable. Otherwise, it is not vulnerable with respect to the attack pattern NEXT: What are the malicious inputs? 75 / 138

  56. Introduction Vulnerability Analysis Automata Manipulations Signature Generation Symbolic String Vulnerability Analysis Sanitization Generation Composite String Analysis Relational String Analysis Implementation and Summary Generating Vulnerability Signatures • A vulnerability signature is a characterization that includes all malicious inputs that can be used to generate attack strings • Uses backward analysis starting from the sink node • Uses pre -image computations on string operations: • preConcatPrefix( M , M 2 ) returns M 1 and preConcatSuffix( M , M 1 ) returns M 2 , where M = M 1 . M 2 . • preReplace( M , M 2 , M 3 ) retunrs M 1 , where M = replace ( M 1 , M 2 , M 3 ). 76 / 138

  57. Introduction Vulnerability Analysis Automata Manipulations Signature Generation Symbolic String Vulnerability Analysis Sanitization Generation Composite String Analysis Relational String Analysis Implementation and Summary Backward Analysis • Computes pre-images along with the path from the sink node to the input node • Uses forward analysis results while computing pre-images 77 / 138

  58. Introduction Vulnerability Analysis Automata Manipulations Signature Generation Symbolic String Vulnerability Analysis Sanitization Generation Composite String Analysis Relational String Analysis Implementation and Summary Backward Analysis • The first iteration is a simple assignment. 78 / 138

  59. Introduction Vulnerability Analysis Automata Manipulations Signature Generation Symbolic String Vulnerability Analysis Sanitization Generation Composite String Analysis Relational String Analysis Implementation and Summary Backward Analysis • At the second iteration, we call preConcatSuffix( URL : { A − Z . − ; = − @ } ∗ < { A − Z . − @ } ∗ , "URL:") . • M = M 1 . M 2 79 / 138

  60. Introduction Vulnerability Analysis Automata Manipulations Signature Generation Symbolic String Vulnerability Analysis Sanitization Generation Composite String Analysis Relational String Analysis Implementation and Summary Backward Analysis • We call preReplace( { A − Z . − ; = − @ } ∗ < { A − Z . − @ } ∗ , Σ \ { A − Z . − @ } , "") at the third iteration. • M = replace ( M 1 , M 2 , M 3 ) • After the third iteration, we reach a fixed point. 80 / 138

  61. Introduction Vulnerability Analysis Automata Manipulations Signature Generation Symbolic String Vulnerability Analysis Sanitization Generation Composite String Analysis Relational String Analysis Implementation and Summary Vulnerability Signatures • The vulnerability signature is the result of the input node, which includes all possible malicious inputs • An input that does not match this signature cannot exploit the vulnerability NEXT: How to detect and prevent malicious inputs 81 / 138

  62. Introduction Vulnerability Analysis Automata Manipulations Signature Generation Symbolic String Vulnerability Analysis Sanitization Generation Composite String Analysis Relational String Analysis Implementation and Summary Patch Vulnerable Applications • Match-and-block: A patch that checks if the input string matches the vulnerability signature and halts the execution if it does • Match-and-sanitize: A patch that checks if the input string matches the vulnerability signature and modifies the input if it does 82 / 138

  63. Introduction Vulnerability Analysis Automata Manipulations Signature Generation Symbolic String Vulnerability Analysis Sanitization Generation Composite String Analysis Relational String Analysis Implementation and Summary Sanitize The idea is to modify the input by deleting certain characters (as little as possible) so that it does not match the vulnerability signature • Given a DFA, an alphabet cut is a set of characters that after ”removing” the edges that are associated with the characters in the set, the modified DFA does not accept any non-empty string 83 / 138

  64. Introduction Vulnerability Analysis Automata Manipulations Signature Generation Symbolic String Vulnerability Analysis Sanitization Generation Composite String Analysis Relational String Analysis Implementation and Summary Find An Alphabet Cut • Finding a minimum alphabet cut of a DFA is an NP-hard problem (one can reduce the vertex cover problem to this problem) • We apply a min-cut algorithm to find a cut that separates the initial state and the final states of the DFA • We give higher weight to edges that are associated with alpha-numeric characters • The set of characters that are associated with the edges of the min cut is an alphabet cut 84 / 138

  65. Introduction Vulnerability Analysis Automata Manipulations Signature Generation Symbolic String Vulnerability Analysis Sanitization Generation Composite String Analysis Relational String Analysis Implementation and Summary Patch Vulnerable Applications A match-and-sanitize patch: If the input matches the vulnerability signature, delete all characters in the alphabet cut l < ?php l if (preg match(’/[ ∧ < ]* < .*/’,$ GET[”www”])) l $ GET[”www”] = preg replace( < ,””,$ GET[”www”]); l 1: $www = $ GET[”www”]; l 2: $url = ”URL:”; l 3: $www = preg replace(”[ ∧ A-Z.-@]”,””,$www); l 4: echo $url. $www; l ? > 85 / 138

  66. Introduction Vulnerability Analysis Automata Manipulations Signature Generation Symbolic String Vulnerability Analysis Sanitization Generation Composite String Analysis Relational String Analysis Implementation and Summary Experiments We evaluated our approach on five vulnerabilities from three open source web applications: • (1) MyEasyMarket-4.1 (a shopping cart program), • (2) BloggIT-1.0 (a blog engine), and • (3) proManager-0.72 (a project management system). We used the following XSS attack pattern Σ ∗ < SCRIPT Σ ∗ . 86 / 138

  67. Introduction Vulnerability Analysis Automata Manipulations Signature Generation Symbolic String Vulnerability Analysis Sanitization Generation Composite String Analysis Relational String Analysis Implementation and Summary Dependency Graphs • The dependency graphs of these benchmarks are built for sensitive sinks • Unrelated parts have been removed using slicing #nodes #edges #concat #replace #constant #sinks #inputs 1 21 20 6 1 46 1 1 2 29 29 13 7 108 1 1 3 25 25 6 6 220 1 2 4 23 22 10 9 357 1 1 5 25 25 14 12 357 1 1 Table: Dependency Graphs. #constant: the sum of the length of the constants 87 / 138

  68. Introduction Vulnerability Analysis Automata Manipulations Signature Generation Symbolic String Vulnerability Analysis Sanitization Generation Composite String Analysis Relational String Analysis Implementation and Summary Vulnerability Analysis Performance Forward analysis seems quite efficient. time(s) mem(kb) res. #states / #bdds #inputs 1 0.08 2599 vul 23/219 1 2 0.53 13633 vul 48/495 1 3 0.12 1955 vul 125/1200 2 4 0.12 4022 vul 133/1222 1 5 0.12 3387 vul 125/1200 1 Table: #states /#bdds of the final DFA (after the intersection with the attack pattern) 88 / 138

  69. Introduction Vulnerability Analysis Automata Manipulations Signature Generation Symbolic String Vulnerability Analysis Sanitization Generation Composite String Analysis Relational String Analysis Implementation and Summary Signature Generation Performance Backward analysis takes more time. Benchmark 2 involves a long sequence of replace operations. time(s) mem(kb) #states /#bdds 1 0.46 2963 9/199 2 41.03 1859767 811/8389 3 2.35 5673 20/302, 20/302 4 2.33 32035 91/1127 5 5.02 14958 20/302 Table: #states /#bdds of the vulnerability signature 89 / 138

  70. Introduction Vulnerability Analysis Automata Manipulations Signature Generation Symbolic String Vulnerability Analysis Sanitization Generation Composite String Analysis Relational String Analysis Implementation and Summary Cuts Sig. 1 2 3 4 5 input i 1 i 1 i 1 , i 2 i 1 i 1 #edges 1 8 4, 4 4 4 { <, ′ , ” } { <, ′ , ” } { <, ′ , ” } alp.-cut { < } Σ, Σ Table: Cuts. #edges: the number of edges in the min-cut. • For 3 (two user inputs), the patch will block everything and delete everything 90 / 138

  71. Introduction Vulnerability Analysis Automata Manipulations Signature Generation Symbolic String Vulnerability Analysis Sanitization Generation Composite String Analysis Relational String Analysis Implementation and Summary Multiple Inputs? Things can be more complicated while there are multiple inputs. l 1: < ?php l 2: $www = $ GET[”www”]; l 3: $l otherinfo = $ GET[”other”]; l 4: echo ” < td > ” . $l otherinfo . ”: ” . $www . ” < /td > ”; l 5:? > • An attack string can be contributed from one input, another input, or their combination • Using single-track DFAs, the analysis over approximates the relations among input variables (e.g. the concatenation of two inputs contains an attack) • There may be no way to prevent it by restricting only one input 91 / 138

  72. Introduction Vulnerability Analysis Automata Manipulations Signature Generation Symbolic String Vulnerability Analysis Sanitization Generation Composite String Analysis Relational String Analysis Implementation and Summary Automatic Verification of String Manipulating Programs • Symbolic String Vulnerability Analysis • Relational String Analysis • Composite String Analysis 92 / 138

  73. Introduction Vulnerability Analysis Automata Manipulations Signature Generation Symbolic String Vulnerability Analysis Sanitization Generation Composite String Analysis Relational String Analysis Implementation and Summary Relational String Analysis Instead of multiple single -track DFAs, we use one multi -track DFA, where each track represents the values of one string variable. Using multi-track DFAs we are able to: • Identify the relations among string variables • Generate relational vulnerability signatures for multiple user inputs of a vulnerable application • Prove properties that depend on relations among string variables, e.g., $file = $usr.txt (while the user is Fang, the open file is Fang.txt) • Summarize procedures • Improve the precision of the path-sensitive analysis 93 / 138

  74. Introduction Vulnerability Analysis Automata Manipulations Signature Generation Symbolic String Vulnerability Analysis Sanitization Generation Composite String Analysis Relational String Analysis Implementation and Summary Multi-track Automata • Let X (the first track), Y (the second track), be two string variables • λ is a padding symbol • A multi-track automaton that encodes X = Y.txt 94 / 138

  75. Introduction Vulnerability Analysis Automata Manipulations Signature Generation Symbolic String Vulnerability Analysis Sanitization Generation Composite String Analysis Relational String Analysis Implementation and Summary Relational Vulnerability Signature • Performs forward analysis using multi-track automata to generate relational vulnerability signatures • Each track represents one user input • An auxiliary track represents the values of the current node • Each constant node is a single track automaton (the auxiliary track) accepting the constant string • Each user input node is a two track automaton (an input track + the auxiliary track) accepting strings that two tracks have the same value 95 / 138

  76. Introduction Vulnerability Analysis Automata Manipulations Signature Generation Symbolic String Vulnerability Analysis Sanitization Generation Composite String Analysis Relational String Analysis Implementation and Summary Relational Vulnerability Signature Consider a simple example having multiple user inputs l < ?php l 1: $www = $ GET[”www”]; l 2: $url =$ GET[”url”]; l 3: echo $url. $www; l ? > Let the attack pattern be (Σ \ < ) ∗ < Σ ∗ 96 / 138

  77. Introduction Vulnerability Analysis Automata Manipulations Signature Generation Symbolic String Vulnerability Analysis Sanitization Generation Composite String Analysis Relational String Analysis Implementation and Summary Signature Generation 97 / 138

  78. Introduction Vulnerability Analysis Automata Manipulations Signature Generation Symbolic String Vulnerability Analysis Sanitization Generation Composite String Analysis Relational String Analysis Implementation and Summary Relational Vulnerability Signature Upon termination, intersects the auxiliary track with the attack pattern • A multi-track automaton: ($url, $www , aux) • Identifies the fact that the concatenation of two inputs contains < 98 / 138

  79. Introduction Vulnerability Analysis Automata Manipulations Signature Generation Symbolic String Vulnerability Analysis Sanitization Generation Composite String Analysis Relational String Analysis Implementation and Summary Relational Vulnerability Signature • Projects away the auxiliary track • Finds a min-cut • This min-cut identifies the alphabet cuts: • { < } for the first track ($url) • { < } for the second track ($www) 99 / 138

  80. Introduction Vulnerability Analysis Automata Manipulations Signature Generation Symbolic String Vulnerability Analysis Sanitization Generation Composite String Analysis Relational String Analysis Implementation and Summary Patch Vulnerable Applications with Multi Inputs Patch: If the inputs match the signature, delete its alphabet cut l < ?php l if (preg match(’/[ ∧ < ]* < .*/’, $ GET[”url”].$ GET[”www”])) { l $ GET[”url”] = preg replace(” < ”,””,$ GET[”url”]); l $ GET[”www”] = preg replace(” < ”,””,$ GET[”www”]); l } l 1: $www = $ GET[”www”]; l 2: $url = $ GET[”url”]; l 3: echo $url. $www; l ? > 100 / 138

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Symbolic String Verification: Combining String Analysis and Size Analysis Fang Yu Tevfik Bultan

Symbolic String Verification: Combining String Analysis and Size Analysis Fang Yu Tevfik Bultan

Symbolic String Verification: Combining String Analysis and Size Analysis Symbolic String Verification: Combining String Analysis and Size Analysis Fang Yu Tevfik Bultan Oscar H. Ibarra Deptartment of Computer Science University of California

477 views • 36 slides
pointer-manipulating programs Nadia Polikarpova joint work with Ilya Sergey (Yale-NUS) follow

pointer-manipulating programs Nadia Polikarpova joint work with Ilya Sergey (Yale-NUS) follow

SuSLik: synthesis of safe pointer-manipulating programs Nadia Polikarpova joint work with Ilya Sergey (Yale-NUS) follow along https://github.com/TyGuS/suslik-tutorial 2 pointer-manipulating programs network / security operating systems

1.23k views • 105 slides
Symbolic String Verification: An Automata-based Approach Fang Yu Tevfik Bultan Marco Cova

Symbolic String Verification: An Automata-based Approach Fang Yu Tevfik Bultan Marco Cova

Outline Motivation Symbolic String Verification Experiments Conclusion Symbolic String Verification: An Automata-based Approach Fang Yu Tevfik Bultan Marco Cova Oscar H. Ibarra Dept. of Computer Science University of California Santa

465 views • 35 slides
Optimisation and verification of quantum circuits with string diagrams Aleks Kissinger STRING 3;

Optimisation and verification of quantum circuits with string diagrams Aleks Kissinger STRING 3;

Optimisation and verification of quantum circuits with string diagrams Aleks Kissinger STRING 3; Birmingham 2019 Aleks Kissinger STRING 3, 2019 1 / 43 Quantum software 1. := the code the runs on a quantum computer factoring search quantum

1.16k views • 91 slides
Introduction to ASF+SDF ASF+SDF Goal: defining languages &amp; manipulating programs Mark van

Introduction to ASF+SDF ASF+SDF Goal: defining languages &amp; manipulating programs Mark van

Introduction to ASF+SDF ASF+SDF Goal: defining languages &amp; manipulating programs Mark van den Brand SDF: Syntax definition Formalism Paul Klint Jurgen Vinju lexical &amp; context-free syntax ASF: Algebraic Specification

426 views • 4 slides
Formal verification of numerical programs: from C annotated programs to Coq proofs Sylvie Boldo

Formal verification of numerical programs: from C annotated programs to Coq proofs Sylvie Boldo

Third International Workshop on Numerical Software Verification Formal verification of numerical programs: from C annotated programs to Coq proofs Sylvie Boldo INRIA Saclay - Ile-de-France July 15th, 2010 Thanks to the organizers !

1.72k views • 136 slides
Contents Logic Programming Manipulating Programs Listing Writing Prolog Interpreter in Prolog

Contents Logic Programming Manipulating Programs Listing Writing Prolog Interpreter in Prolog

Contents Logic Programming Manipulating Programs Listing Writing Prolog Interpreter in Prolog Temur Kutsia Research Institute for Symbolic Computation The consult Predicate Johannes Kepler University Linz, Austria kutsia@risc.jku.at

297 views • 6 slides
Verification of Imperative Programs through Transformation of Constraint Logic Programs Emanuele

Verification of Imperative Programs through Transformation of Constraint Logic Programs Emanuele

Verification of Imperative Programs through Transformation of Constraint Logic Programs Emanuele De Angelis 1 , Fabio Fioravanti 1 , Alberto Pettorossi 2 , and Maurizio Proietti 3 1 University of Chieti-Pescara G. dAnnunzio, Italy 2

671 views • 52 slides
Verifying Array Manipulating Programs by Tiling Authors: Supratik Chakraborty, Ashutosh Gupta,

Verifying Array Manipulating Programs by Tiling Authors: Supratik Chakraborty, Ashutosh Gupta,

Verifying Array Manipulating Programs by Tiling Authors: Supratik Chakraborty, Ashutosh Gupta, Divyesh Unadkat R Venkatesh TCS Research December 11-16, 2017 Winter School in Software Engineering Pune, India Authors: Supratik Chakraborty,

1.04k views • 76 slides
Logic Programming Manipulating Programs Temur Kutsia Research Institute for Symbolic Computation

Logic Programming Manipulating Programs Temur Kutsia Research Institute for Symbolic Computation

Logic Programming Manipulating Programs Temur Kutsia Research Institute for Symbolic Computation Johannes Kepler University of Linz, Austria kutsia@risc.uni-linz.ac.at Contents Listing Writing Prolog Interpreter in Prolog The consult

248 views • 24 slides
The KeY Platform for Verification and Analysis of Java Programs Reiner H ahnle Technische

The KeY Platform for Verification and Analysis of Java Programs Reiner H ahnle Technische

The KeY Platform for Verification and Analysis of Java Programs Reiner H ahnle Technische Universit at Darmstadt Department of Computer Science, Software Engineering Group Dagstuhl Seminar 16131: Language Based Verification Tools for

1.01k views • 68 slides
Polyhedral Domains and Widening for Verification of Numerical Programs Goran Frehse Verimag

Polyhedral Domains and Widening for Verification of Numerical Programs Goran Frehse Verimag

Polyhedral Domains and Widening for Verification of Numerical Programs Goran Frehse Verimag Hitashyam Maka and Bruce H. Krogh Carnegie Mellon University 1 Verification of numerical programs Problem definition Polyhedral domains

390 views • 26 slides
Building Java Programs Chapter 5 Lecture 10: while Loops, Fencepost Loops, and Sentinel Loops

Building Java Programs Chapter 5 Lecture 10: while Loops, Fencepost Loops, and Sentinel Loops

Building Java Programs Chapter 5 Lecture 10: while Loops, Fencepost Loops, and Sentinel Loops reading: 5.1 5.2 1 String methods Method name Description indexOf( str ) index where the start of the given string appears in this string (-1 if

755 views • 41 slides
String Matching String matching problem: string T (text) and string P (pattern) over an

String Matching String matching problem: string T (text) and string P (pattern) over an

String Matching String matching problem: string T (text) and string P (pattern) over an alphabet . String Matching |T| = n, |P| = m. Report all starting positions of occurrences of P in T. Inge Li Grtz P = a b a b a c a T

468 views • 9 slides
Combining SAT solving with Integer Programming for Inductive Verification of Lustre Programs 3rd

Combining SAT solving with Integer Programming for Inductive Verification of Lustre Programs 3rd

Introduction Verification Analysis Summary Combining SAT solving with Integer Programming for Inductive Verification of Lustre Programs 3rd December 2004 Anders Franz en Combining SAT and ILP Introduction Verification Analysis

776 views • 58 slides
Manipulating the Frame Information With an Underflow Attack Emilie FAUGERON - CARDIS 2013

Manipulating the Frame Information With an Underflow Attack Emilie FAUGERON - CARDIS 2013

Manipulating the Frame Information With an Underflow Attack Emilie FAUGERON - CARDIS 2013 emilie.faugeron@thalesgroup.com Thales Communications &amp; Security Table of Contents 2 / 2 Overview Byte code verification of the Underflow

474 views • 45 slides
Encryption as an Abstract Datatype: an extended abstract Dale Miller INRIA/Futurs/Saclay and

Encryption as an Abstract Datatype: an extended abstract Dale Miller INRIA/Futurs/Saclay and

June 2003 1/18 Encryption as an Abstract Datatype: an extended abstract Dale Miller INRIA/Futurs/Saclay and Ecole polytechnique Outline 1. Security protocols specified using multisets rewriting. 2. Eigenvariables for nonces and session

460 views • 18 slides
Lecture # 5 - Monday, Aug 30th In this lecture I reviewed the previous lecture 4, and then

Lecture # 5 - Monday, Aug 30th In this lecture I reviewed the previous lecture 4, and then

Lecture # 5 - Monday, Aug 30th In this lecture I reviewed the previous lecture 4, and then reviewed the final point of lecture #3: Hennigs logical approach to tree inference is valid as logic, but we have a hard time using it because our data

660 views • 7 slides
Logic Minimization M. Sachdev, Dept. of Electrical &amp; Computer Engineering University of

Logic Minimization M. Sachdev, Dept. of Electrical &amp; Computer Engineering University of

ECE 223 Digital Circuits and Systems Logic Minimization M. Sachdev, Dept. of Electrical &amp; Computer Engineering University of Waterloo 1 Karnaugh Maps - Introduction 2-Level Logic implementation using SOP or POS is not the most

187 views • 14 slides
Parallel generation of pseudo-random sequences Who?

Parallel generation of pseudo-random sequences Who?

Parallel generation of pseudo-random sequences Who? 1100001010100110001001100100111010010110110001100000 0100001100101000011010101110010011101000011000100110 111101101010111000011110 = ( Cedric Lauradoux ) 10

646 views • 35 slides
Data Handling Processor Performance Test Results Tetsuichi

Data Handling Processor Performance Test Results Tetsuichi

Data Handling Processor Performance Test Results Tetsuichi Kishishita, Bonn University DEPFET PXD ASIC Design Review, October 27-28, 2014 Outline Verification

685 views • 44 slides
Quine-McCluskey Algorithm Useful for minimizing equations with more than 4 inputs. Like

Quine-McCluskey Algorithm Useful for minimizing equations with more than 4 inputs. Like

Quine-McCluskey Algorithm Useful for minimizing equations with more than 4 inputs. Like K-map, also uses combining theorem Allows for automation Chapter 2 &lt;1&gt; Edward McCluskey (1929-2016) Pioneer in Electrical Engineering

531 views • 23 slides
Authenticated Encryption Mode for Beyond the Birthday Bound Security Tetsu Iwata

Authenticated Encryption Mode for Beyond the Birthday Bound Security Tetsu Iwata

Authenticated Encryption Mode for Beyond the Birthday Bound Security Tetsu Iwata Nagoya University iwata@cse.nagoya-u.ac.jp ESC, Echternach Symmetric Crypto seminar January 11, 2008 Blockcipher plaintext M

576 views • 40 slides
On the Metric-based Approximate Minimization of Markov Chains* Giovanni Bacci , Giorgio Bacci,

On the Metric-based Approximate Minimization of Markov Chains* Giovanni Bacci , Giorgio Bacci,

On the Metric-based Approximate Minimization of Markov Chains* Giovanni Bacci , Giorgio Bacci, Kim G. Larsen, Radu Mardare Aalborg University OPCT 2017 Vienna, 26th June 2017 1/27 (*) accepted for publication at ICALP17 Introduction

1.16k views • 89 slides

More recommend