2012 Technical Reports

Department of Computing and Information Sciences
Kansas State University



Report 2012-1 Static command-injection-attack detection based on abstract parsing by Kyung-Goo Doh, Hyunha Kim, and David A. Schmidt
Abstract: We formulate a static analysis that validates when a document-generating script generates only syntactically well-formed documents that are protected from command-injection attacks. The analysis is based upon abstract parsing, a technique that combines LR-parsing, data-flow analysis, semantic-attribute processing and partial evaluation. We develop new techniques for higher-order LALR-parse states, semantic-attribute processing, and string transducers to implement the analysis.