Knowledge-Base Semantic Gap Analysis for the Vulnerability Detection

Web security became an alert in internet computing. To cope with ever-rising security complexity, semantic analysis is proposed to fill-in the gap that the current approaches fail to commit. Conventional methods limit their focus to the physical source codes instead of the abstraction of semantics. It bypasses new types of vulnerability and causes tremendous business loss.

[1]  R. Sekar,et al.  Practical Dynamic Taint Analysis for Countering Input Validation Attacks on Web Applications , 2005 .

[2]  David A. Wagner,et al.  Large-scale analysis of format string vulnerabilities in Debian Linux , 2007, PLAS '07.

[3]  Aske Simon Christensen,et al.  Precise Analysis of String Expressions , 2003, SAS.

[4]  Tadeusz Pietraszek,et al.  Defending Against Injection Attacks Through Context-Sensitive String Evaluation , 2005, RAID.

[5]  Raymond Wu,et al.  Static and Dynamic Analysis for Web Security in Generic Format , 2009 .

[6]  Angelos D. Keromytis,et al.  SQLrand: Preventing SQL Injection Attacks , 2004, ACNS.

[7]  Michael Gertz,et al.  Semantic integrity support in SQL:1999 and commercial (object-)relational database management systems , 2001, The VLDB Journal.

[8]  Shih-Kun Huang,et al.  Web application security assessment by fault injection and behavior monitoring , 2003, WWW '03.

[9]  Mark Sherriff,et al.  Automated Fix Generator for SQL Injection Attacks , 2008, 2008 19th International Symposium on Software Reliability Engineering (ISSRE).

[10]  Alessandro Orso,et al.  A Classification of SQL Injection Attacks and Countermeasures , 2006, ISSSE.

[11]  Jarke J. van Wijk,et al.  Bridging the Semantic Gap: Visualizing Transition Graphs with User-Defined Diagrams , 2007, IEEE Computer Graphics and Applications.

[12]  Raymond Wu,et al.  Static Analysis for Web Security in Abstract Syntax Format , 2009, International Conference on Internet Computing.

[13]  Bruce W. Weide,et al.  Using parse tree validation to prevent SQL injection attacks , 2005, SEM '05.