Effective software vulnerability detection for web services
This project will design and implement new and better methods to find vulnerabilities in software services delivered over the web or through the cloud, as well as methods for proving the absence of certain types of vulnerability. So-called injection attacks are pervasive and generally considered the most important security threat on today's Internet. The programming languages used for software services tend to use strings as a universal data structure, which unfortunately makes it hard to separate trusted code from untrusted user-provided data. This project will develop novel program analysis tools and string constraint solvers, and employ these tools to support sophisticated automated reasoning about string-manipulating software.
Leader: Peter Stuckey
Staff: Peter Stuckey, Harald Sondergaard, Peter Schachte
Collaborators: Graeme Gange (CIS), Roberto Amadini (CIS), Francois Gauthier (Oracle), Alexander Jordan (Oracle)
Sponsors: Oracle, Australian Research Council
Computing and Information Systems
Networks and data in society