Junjie Zhang, Ph.D. (Advisor); Bin Wang, Ph.D. (Committee Member); Krishnaprasad Thirunarayan, Ph.D. (Committee Member)
Master of Science in Computer Engineering (MSCE)
The size and complexity of modern software programs is constantly growing making it increasingly difficult to diligently find and diagnose security exploits. The ability to quickly and effectively release patches to prevent existing vulnerabilities significantly limits the exploitation of users and/or the company itself. Due to this it has become crucial to provide the capability of not only releasing a patched version, but also to do so quickly to mitigate the potential damage. In this thesis, we propose metrics for evaluating the locality between exploitable code and its corresponding sanitation API such that we can statistically determine the proximity of these two line(s) of code. By analyzing the source code and its corresponding Abstract Syntax Tree we have defined metrics that can be applied universally across PHP scripts. Although our current approach is specific to PHP scripts, with future work our metrics could be applied across several programming languages to further extend the ability to quickly find potential patches to program exploits.
Department or Program
Department of Computer Science and Engineering
Year Degree Awarded
Copyright 2022, all rights reserved. My ETD will be available under the "Fair Use" terms of copyright law.