Show simple item record

dc.contributor.author: Near, Joseph Paul
dc.contributor.author: Jackson, Daniel
dc.date.accessioned: 2015-12-18T15:59:27Z
dc.date.available: 2015-12-18T15:59:27Z
dc.date.issued: 2014-09
dc.identifier.isbn: 9781450330138
dc.identifier.uri: http://hdl.handle.net/1721.1/100435
dc.description.abstract: Derailer is an interactive tool for finding security bugs in web applications. Using symbolic execution, it enumerates the ways in which application data might be exposed. The user is asked to examine these exposures and classify the conditions under which they occur as security-related or not; in so doing, the user effectively constructs a specification of the application's security policy. The tool then highlights exposures missing security checks, which tend to be security bugs. We have tested Derailer's scalability on several large open-source Ruby on Rails applications. We have also applied it to a large number of student projects (designed with different security policies in mind), exposing a variety of security bugs that eluded human reviewers. [en_US]
dc.description.sponsorship: National Science Foundation (U.S.) (Grant 0707612) [en_US]
dc.language.iso: en_US
dc.publisher: Association for Computing Machinery (ACM) [en_US]
dc.relation.isversionof: http://dx.doi.org/10.1145/2642937.2643012 [en_US]
dc.rights: Creative Commons Attribution-Noncommercial-Share Alike [en_US]
dc.rights.uri: http://creativecommons.org/licenses/by-nc-sa/4.0/ [en_US]
dc.source: MIT web domain [en_US]
dc.title: Derailer: interactive security analysis for web applications [en_US]
dc.type: Article [en_US]
dc.identifier.citation: Joseph P. Near and Daniel Jackson. 2014. Derailer: interactive security analysis for web applications. In Proceedings of the 29th ACM/IEEE International Conference on Automated Software Engineering (ASE '14). ACM, New York, NY, USA, 587-598. [en_US]
dc.contributor.department: Massachusetts Institute of Technology. Computer Science and Artificial Intelligence Laboratory [en_US]
dc.contributor.department: Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science [en_US]
dc.contributor.mitauthor: Near, Joseph Paul [en_US]
dc.contributor.mitauthor: Jackson, Daniel [en_US]
dc.relation.journal: Proceedings of the 29th ACM/IEEE International Conference on Automated Software Engineering (ASE '14) [en_US]
dc.eprint.version: Author's final manuscript [en_US]
dc.type.uri: http://purl.org/eprint/type/ConferencePaper [en_US]
eprint.status: http://purl.org/eprint/status/NonPeerReviewed [en_US]
dspace.orderedauthors: Near, Joseph P.; Jackson, Daniel [en_US]
dc.identifier.orcid: https://orcid.org/0000-0003-4864-078X
dspace.mitauthor.error: true
mit.license: OPEN_ACCESS_POLICY [en_US]
mit.metadata.status: Complete