Date Added: Jun 2009
Given a program and an attack pattern (specified as a regular expression), the authors automatically generate string-based vulnerability signatures, i.e., a characterization that includes all malicious inputs that can be used to generate attacks. They use an automata-based string analysis framework. Using forward reachability analysis they compute an over-approximation of all possible values that string variables can take at each program point. Intersecting these with the attack pattern yields the potential attack strings if the program is vulnerable. Using backward analysis they compute an over-approximation of all possible inputs that can generate those attack strings.
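The pipeline summarized above, worked through for a single statement `out = prefix + inp + suffix` and an attack pattern of the form "output contains a given substring". This is an added example, not the authors' implementation; all function names and the sample program are assumptions. For this one-statement program the backward step is exact rather than an over-approximation.

```python
import string

def substring_dfa(needle, alphabet):
    """Attack pattern 'Sigma* needle Sigma*' as a DFA (state = matched prefix length)."""
    n, delta = len(needle), {}
    for q in range(n + 1):
        for c in alphabet:
            if q == n:
                delta[q, c] = n              # accepting sink: attack already present
                continue
            s, k = needle[:q] + c, min(q + 1, n)
            while not s.endswith(needle[:k]):
                k -= 1                       # fall back to a shorter matched prefix
            delta[q, c] = k
    return delta, 0, {n}

def run(delta, q, text):
    for c in text:
        q = delta[q, c]
    return q

def signature(attack, prefix, suffix):
    """Backward step: the inputs for which prefix + inp + suffix matches the attack."""
    delta, q0, final = attack
    states = {q for q, _ in delta}
    start = run(delta, q0, prefix)           # attack-DFA state after the constant prefix
    accept = {q for q in states if run(delta, q, suffix) in final}
    return delta, start, accept              # same transitions, new start/accept sets

def is_attack_input(sig, inp):
    delta, start, accept = sig
    return run(delta, start, inp) in accept

def is_vulnerable(sig):
    """True if some reachable output intersects the attack pattern."""
    delta, start, accept = sig
    seen, todo = {start}, [start]
    while todo:
        q = todo.pop()
        for (p, _), r in delta.items():
            if p == q and r not in seen:
                seen.add(r)
                todo.append(r)
    return bool(seen & accept)

ATTACK = substring_dfa("<script", string.printable)  # constructed attack pattern
SIG = signature(ATTACK, "<", ">")                     # constructed program: "<" + inp + ">"
```

The signature accepts `script src=x` even though that input does not itself contain `<script`, which is why matching the attack pattern directly against the input is not equivalent to the backward analysis.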