Abstract interpretation based analysis of Scripting Languages - Joint Projects 2014

Starting date
December 1, 2014
Duration (months)
24
Departments
Computer Science
Managers or local contacts
Mastroeni Isabella

The project aims at the design and implementation of a static analyzer for PHP that is based on abstract interpretation and insensitive to dynamic code mutations such as those caused by reflection. Modeling reflection in dynamic languages is a particularly hard problem because this feature breaks one of the fundamental bases of static analysis, namely the static structure of the program to be analyzed. Most existing approaches are based on dynamic analysis. In AbScript we plan to bypass this limitation and develop a very first static analyzer for almost full PHP that is insensitive to dynamic code mutations. The application context will be the analysis of information flow in order to prevent code injection attacks. The experimentation will be carried out on standard benchmarks and on services implemented in PHP and developed at Maxfone for big-data analytics.

Sponsors:

Funds: assigned and managed by the department

Project participants

Mila Dalla Preda
Associate Professor
Roberto Giacobazzi
Full Professor
Isabella Mastroeni
Associate Professor
Research areas involved in the project
Computer security
Software and application security  (DI)
Software engineering and formal verification
Software and application security  (DI)

Activities

Research facilities
