Publication Date

2022

Document Type

Thesis

Committee Members

Junjie Zhang, Ph.D. (Advisor); Bin Wang, Ph.D. (Committee Member); Krishnaprasad Thirunarayan, Ph.D. (Committee Member)

Degree Name

Master of Science in Computer Engineering (MSCE)

Abstract

The size and complexity of modern software programs are constantly growing, making it increasingly difficult to diligently find and diagnose security exploits. The ability to quickly and effectively release patches to prevent existing vulnerabilities significantly limits the exploitation of users and/or the company itself. Because of this, it has become crucial to provide the capability of not only releasing a patched version, but also doing so quickly to mitigate the potential damage. In this thesis, we propose metrics for evaluating the locality between exploitable code and its corresponding sanitation API such that we can statistically determine the proximity of these two line(s) of code. By analyzing the source code and its corresponding Abstract Syntax Tree, we have defined metrics that can be applied universally across PHP scripts. Although our current approach is specific to PHP scripts, with future work our metrics could be applied across several programming languages to further extend the ability to quickly find potential patches to program exploits.

Page Count

55

Department or Program

Department of Computer Science and Engineering

Year Degree Awarded

2022

