Effective software vulnerability detection for web services

Project description

This project will design and implement new and better methods to find vulnerabilities in software services delivered over the web or through the cloud, as well as methods for proving the absence of certain types of vulnerability. So-called injection attacks are pervasive and generally considered the most important security threat on today's Internet. The programming languages used for software services tend to use strings as a universal data structure, which unfortunately makes it hard to separate trusted code from untrusted user-provided data. This project will develop novel program analysis tools and string constraint solvers, and employ these tools to support sophisticated automated reasoning about string-manipulating software.

Project team

Leader: Peter Stuckey

Staff: Peter Stuckey, Harald Sondergaard, Peter Schachte

Collaborators: Graeme Gange (CIS), Roberto Amadini (CIS), Francois Gauthier (Oracle), Alexander Jordan (Oracle)

Sponsors: Oracle, Australian Research Council

Disciplines

Computing and Information Systems

Domains

Networks and data in society