Web applications contain numerous vulnerabilities that can be exploited by attackers to gain unauthorized access to confidential information and to manipulate sensitive data. Many of these vulnerabilities are due to inadequate manipulation of string variables. String analysis, a technique that captures the string values that a certain variable might hold at a particular program point, can be used to identify such flaws. In this project, novel and precise string analysis techniques will be developed using an automata-based approach that represents possible values of a string variable at a program point as an automaton. Techniques that support path-sensitivity and that enable precise analysis of loops using automata-based widening operations will be developed. Basic string analysis techniques will be extended to a composite analysis where relationships among string variables and other types of variables can be automatically discovered and analyzed. The precision of string analysis plays a central role for obtaining good results with static vulnerability detection tools. The precise string analysis techniques developed in this project will enable analysis of programs that cannot be analyzed with existing techniques. The results of these improved string analysis techniques will lead to novel software security solutions and detection of novel types of vulnerabilities.
