Group colloquium: Reasoning about the correctness of sanitizers

When: March 7, 2019, 15:45-16:30

Many web applications use sanitizers in order to defend against attacks such as SQL injections and XSS. However, it is difficult to write correct sanitizers. Therefore I have developed a method to reason about the correctness of sanitizer implementations. This method learns models, symbolic finite transducers, in a black-box manner, which then describe the behavior of the sanitizers. These models are then compared to specified models in order to find erroneous behavior. I have implemented this method in a tool called SFTLearning which can automatically derive models from real-world sanitizers.

	Home > News and Events > Events
<< EEMCS (EWI) Home News and Events » Group Colloquium » Events » In the Media People Research Education Vacancies Intranet Contact	Group colloquium: Reasoning about the correctness of sanitizers When: March 7, 2019, 15:45-16:30 Who: Sophie Lathouwers Many web applications use sanitizers in order to defend against attacks such as SQL injections and XSS. However, it is difficult to write correct sanitizers. Therefore I have developed a method to reason about the correctness of sanitizer implementations. This method learns models, symbolic finite transducers, in a black-box manner, which then describe the behavior of the sanitizers. These models are then compared to specified models in order to find erroneous behavior. I have implemented this method in a tool called SFTLearning which can automatically derive models from real-world sanitizers.