DOCSLIB.ORG

UC Berkeley UC Berkeley Electronic Theses and Dissertations

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
UC Berkeley UC Berkeley Electronic Theses and Dissertations UC Berkeley UC Berkeley Electronic Theses and Dissertations Title Language and Framework Support for Reviewably-Secure Software Systems Permalink https://escholarship.org/uc/item/8ng213vq Author Mettler, Adrian Matthew Publication Date 2012 Peer reviewed|Thesis/dissertation eScholarship.org Powered by the California Digital Library University of California Language and Framework Support for Reviewably-Secure Software Systems by Adrian Matthew Mettler A dissertation submitted in partial satisfaction of the requirements for the degree of Doctor of Philosophy in Computer Science in the Graduate Division of the University of California, Berkeley Committee in charge: Professor David Wagner, Chair Professor Deirdre Mulligan Professor Dawn Song Fall 2012 Language and Framework Support for Reviewably-Secure Software Systems Copyright 2012 by Adrian Matthew Mettler 1 Abstract Language and Framework Support for Reviewably-Secure Software Systems by Adrian Matthew Mettler Doctor of Philosophy in Computer Science University of California, Berkeley Professor David Wagner, Chair My thesis is that languages and frameworks can and should be designed to make it easier for programmers to write reviewably secure systems. A system is reviewably secure if its security is easy for an experienced programmer to verify, given access to the source code. A security reviewer should be able, with a reasonable amount of effort, to gain confidence that such a system meets its stated security goals. This dissertation includes work on on language subsetting and web application framework design. It presents Joe-E, a subset of the Java programming language designed to enforce object- capability security, simplifying the task of verifying a variety of security properties by en- abling sound, local reasoning. Joe-E also enforces determinism-by-default, which permits functionally-pure methods to be identified by their signature. Functional purity is a useful property that can greatly simplify the task of correctly implementing and reasoning about application code. A number of applications of the Joe-E language are presented and evalu- ated. The second part of this dissertation presents tool and framework enhancements for improving the security of web applications. I present techniques for retrofitting existing web applications to use template systems effectively to prevent cross-site scripting and content injection vulnerabilities while preserving functionality. I also show how HTML templates can be rewritten to normalize their output, improving the assurance of security provided by automatic escaping and other static analyses. These two applications of my thesis demonstrate that practical enhancements to lan- guages and frameworks can support developers in creating more secure software that is easier to review. Continued improvement in language and framework support for reviewability is a promising approach toward improving the security provided by modern software. i To everyone who has believed in me, especially my family. ii Contents List of Figures vii List of Tables ix Acknowledgements x 1 Introduction 1 1.1 Background . 1 1.1.1 Security Review . 1 1.1.2 Programming Languages and Abstractions . 3 1.1.3 Web Templating Languages . 4 1.2 Summary . 5 1.2.1 Joe-E: A Security-Oriented Subset of Java . 6 1.2.2 Improving Security of Template-Based Web Applications . 9 2 Joe-E: An Object-Capability Subset of Java 11 2.1 Introduction . 11 2.2 Goals and Overview . 17 2.2.1 Ease of use . 17 2.2.2 Supporting secure software . 18 2.2.3 Supporting security code review . 19 2.3 Approach . 20 2.3.1 Subsetting . 21 2.4 Design of Joe-E . 21 2.4.1 Memory Safety and Encapsulation . 22 2.4.2 Removing Ambient Authority . 23 2.4.3 Exceptions and Errors . 26 2.5 Programming Patterns . 28 2.5.1 Reachability and Object Graph analysis . 28 2.5.2 Leveraging Static Typing . 29 2.5.3 Defensive Consistency . 31 2.5.4 Immutability . 31 Contents iii 2.5.5 Attenuation of Authority . 32 2.5.6 Facets . 32 2.6 Implementation . 33 2.7 Conclusions . 36 3 Verifiable Functional Purity in Joe-E 37 3.1 Introduction . 37 3.2 Applications . 39 3.2.1 Reproducibility . 40 3.2.2 Invertibility . 40 3.2.3 Untrusted code execution . 41 3.2.4 Building robust systems . 43 3.2.5 Bug reduction . 43 3.2.6 Assertions and Specifications . 44 3.3 Definitions . 45 3.3.1 Side-effect freeness . 45 3.3.2 Determinism . 45 3.4 Approach . 46 3.4.1 Equivalence of reference lists . 47 3.4.2 Immutability . 48 3.5 Pure methods . 49 3.6 Implementation . 49 3.6.1 Side effects and Nondeterminism . 50 3.6.2 Immutability . 53 3.6.3 Verifying Purity . 53 3.7 Evaluation and Experience . 54 3.7.1 AES library . 55 3.7.2 Voting machine . 56 3.7.3 HTML parser . 57 3.7.4 Summary of patterns . 60 3.7.5 Waterken Server . 60 3.8 Discussion . 61 3.9 Conclusions . 62 4 Joe-E's Overlay Type System and Marker Interfaces 63 4.1 Introduction . 63 4.2 Overlay Type System . 65 4.2.1 Marker Interfaces . 66 4.2.2 Properties . 67 4.2.3 Formalizations . 67 4.3 Immutability . 72 4.3.1 Ensuring Final Means Final . 73 Contents iv 4.4 Identity-based Authority . 74 4.4.1 Power and Tokens . 75 4.4.2 Powerless . 76 4.5 Selfless and Equatable . 78 4.6 Conclusions . 81 4.7 Appendix: Proofs of Theorems . 82 4.7.1 Completeness . 82 4.7.2 Non-circularity . 83 5 Applications of Joe-E 85 5.1 Waterken . 85 5.1.1 Consistent Persistence . 86 5.1.2 Cache Coherence . 87 5.1.3 Remote capabilities . 88 5.2 Capsules . 89 5.2.1 Design . 89 5.2.2 Implementation . 90 5.2.3 Evaluation . 91 6 Related Work: Joe-E 99 6.1 Capabilities . 99 6.1.1 Object-Capability Languages . 99 6.1.2 Privilege Separation . 100 6.2 Security for Java and Related Languages . 100 6.3 Functional Purity . 101 6.3.1 Side Effects . 102 6.3.2 Functionally Pure Languages . 103 6.4 Overlay Type Systems . 104 7 Retrofitting Web Applications for Security Review of Cross-Site Scripting Resistance 106 7.1 Introduction . 106 7.2 Background . 108 7.3 Problem . 110 7.4 Approach . 112 7.4.1 Mitigation Mode . 113 7.4.2 Strict Mode . 113 7.5 Implementation . ..
Load more

Recommended publications
  • Debreach: Selective Dictionary Compression to Prevent BREACH and CRIME
    debreach: Selective Dictionary Compression to Prevent BREACH and CRIME A THESIS SUBMITTED TO THE FACULTY OF THE GRADUATE SCHOOL OF THE UNIVERSITY OF MINNESOTA BY Brandon Paulsen IN PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR THE DEGREE OF MASTER OF SCIENCE Professor Peter A.H. Peterson July 2017 © Brandon Paulsen 2017 Acknowledgements First, I’d like to thank my advisor Peter Peterson and my lab mate Jonathan Beaulieu for their insights and discussion throughout this research project. Their contributions have undoubtedly improved this work. I’d like to thank Peter specifically for renew- ing my motivation when my project appeared to be at a dead–end. I’d like to thank Jonathan specifically for being my programming therapist. Next, I’d like to thank my family and friends for constantly supporting my aca- demic goals. In particular, I’d like to thank my mom and dad for their emotional support and encouragement. I’d like to thank my brother Derek and my friend Paul “The Wall” Vaynshenk for being great rock climbing partners, which provided me the escape from work that I needed at times. I’d like to again thank Jonathan Beaulieu and Xinru Yan for being great friends and for many games of Settlers of Catan. I’d like to thank Laura Krebs for helping me to discover my passion for academics and learning. Finally, I’d like to thank my fellow graduate students and the computer science faculty of UMD for an enjoyable graduate program. I’d also like to thank Professor Bethany Kubik and Professor Haiyang Wang for serving on my thesis committee.
    [Show full text]
  • Turbo.Lua Documentation Release 2.1.2
    Turbo.lua Documentation Release 2.1.2 John Abrahamsen Nov 02, 2018 Contents 1 Hello World 3 2 Supported Architectures 5 3 Supported Operating Systems7 4 Installation 9 5 Object oriented Lua 11 6 Packaging 13 7 Dependencies 15 8 License 17 9 Tutorials 19 9.1 Get Started With Turbo.......................................... 19 9.1.1 Installing Turbo......................................... 19 9.1.2 Hello World........................................... 20 9.1.3 Request parameters....................................... 20 9.1.4 Routes.............................................. 20 9.1.5 Serving Static Files....................................... 21 9.1.6 JSON Output.......................................... 22 9.2 Asynchronous modules......................................... 22 9.2.1 Overview............................................ 22 9.2.2 Example module........................................ 24 10 API documentation 27 10.1 Turbo.lua API Versioning........................................ 27 10.1.1 Preliminaries.......................................... 27 10.1.2 Module Version......................................... 27 10.2 turbo.web – Core web framework.................................... 28 10.2.1 RequestHandler class...................................... 28 10.2.2 HTTPError class........................................ 32 10.2.3 StaticFileHandler class..................................... 32 10.2.4 RedirectHandler class...................................... 33 10.2.5 Application class........................................ 33
    [Show full text]
  • Secure Coding Open Source Libraries for Java Programmers
    Secure Coding Open Source Libraries for Java Programmers Jim Manico @manicode OWASP Volunteer - Global OWASP Board Member Independent Secure Coding Instructor - Developer 17+ years - Secure coding educator - Co-author of "Iron Clad Java Building Secure Web ApplicaGons" from Oracle Press McGraw Hill Kama'aina Resident of Kauai, Hawaii - Aloha! Authen;caon Password Storage Defense Overview • Offline A?acks – Avoid Hashing or Encrypon – Use proper key derivaDon funcDons and stretching configuraons – Use random and unique per-user salts • Less effec;ve against targeted aacks, but use them anyhow – Strict Password Policy – Mul;-Factor Authen;caon reference: Openwall and http://www.openwall.com/presentations Password Storage !Store password based on need "Use a salt (de-duplicaon) "BCRYPT/SCRYPT/PBKDF2 (slow, performance hit, easy) "HMAC (requires good key storage, tough) Allow very complex and long passwords 1) Do not limit the type of characters or length of user password • Limiting passwords to protect against injection is doomed to failure • Use proper encoder and other defenses described instead • Set large password length limits • Django DOS vulnerability Salt passwords uniquely for each user 2) Use a cryptographically strong credential-specific salt protect( salt + password ); • Use a 32char or 64char salt (actual size dependent on protection function); • Do not depend on hiding, splitting, or otherwise obscuring the salt Leverage One-Way Keyed Func;ons 3) Impose difficult verification on [only] the attacker (strong/fast) HMAC-SHA-256( key,
    [Show full text]
  • The Virtual Faraday Cage
    University of Calgary PRISM: University of Calgary's Digital Repository Graduate Studies The Vault: Electronic Theses and Dissertations 2013-08-09 The Virtual Faraday Cage King, James King, J. (2013). The Virtual Faraday Cage (Unpublished master's thesis). University of Calgary, Calgary, AB. doi:10.11575/PRISM/28416 http://hdl.handle.net/11023/867 master thesis University of Calgary graduate students retain copyright ownership and moral rights for their thesis. You may use this material in any way that is permitted by the Copyright Act or through licensing that has been assigned to the document. For uses that are not allowable under copyright legislation or licensing, you are required to seek permission. Downloaded from PRISM: https://prism.ucalgary.ca UNIVERSITY OF CALGARY The Virtual Faraday Cage by James King A THESIS SUBMITTED TO THE FACULTY OF GRADUATE STUDIES IN PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR THE DEGREE OF A MASTERS OF SCIENCE DEPARTMENT OF COMPUTER SCIENCE CALGARY, ALBERTA AUGUST, 2013 c James King 2013 Abstract This thesis' primary contribution is that of a new architecture for web application plat- forms and their extensions, entitled \The Virtual Faraday Cage". This new architecture addresses some of the privacy and security related problems associated with third-party extensions running within web application platforms. A proof-of-concept showing how the Virtual Faraday Cage could be implemented is described. This new architecture aims to help solve some of the key security and privacy con- cerns for end-users in web applications by creating a mechanism by which a third-party could create an extension that works with end-user data, but which could never leak such information back to the third-party.
    [Show full text]
  • Fundamental Data Structures Contents
    Fundamental Data Structures Contents 1 Introduction 1 1.1 Abstract data type ........................................... 1 1.1.1 Examples ........................................... 1 1.1.2 Introduction .......................................... 2 1.1.3 Defining an abstract data type ................................. 2 1.1.4 Advantages of abstract data typing .............................. 4 1.1.5 Typical operations ...................................... 4 1.1.6 Examples ........................................... 5 1.1.7 Implementation ........................................ 5 1.1.8 See also ............................................ 6 1.1.9 Notes ............................................. 6 1.1.10 References .......................................... 6 1.1.11 Further ............................................ 7 1.1.12 External links ......................................... 7 1.2 Data structure ............................................. 7 1.2.1 Overview ........................................... 7 1.2.2 Examples ........................................... 7 1.2.3 Language support ....................................... 8 1.2.4 See also ............................................ 8 1.2.5 References .......................................... 8 1.2.6 Further reading ........................................ 8 1.2.7 External links ......................................... 9 1.3 Analysis of algorithms ......................................... 9 1.3.1 Cost models ......................................... 9 1.3.2 Run-time analysis
    [Show full text]
  • Code Injection Vulnerabilities in Web Applications - Exemplified at Cross-Site Scripting Martin Johns
    Dissertation zur Erlangung des akademischen Grades eines Doktors der Naturwissenschaften Code Injection Vulnerabilities in Web Applications - Exemplified at Cross-site Scripting Martin Johns Eingereicht an der Fakult¨atf¨urInformatik und Mathematik der Universit¨atPassau Gutachter: Prof. Dr. Joachim Posegga Prof. Dr. Dieter Gollmann Submitted April 14th 2009, defended July 22nd 2009 2 Abstract The majority of all security problems in today’s Web applications is caused by string- based code injection, with Cross-site Scripting (XSS) being the dominant representative of this vulnerability class. This thesis discusses XSS and suggests defense mechanisms. We do so in three stages: First, we conduct a thorough analysis of JavaScript’s capabilities and explain how these capabilities are utilized in XSS attacks. We subsequently design a systematic, hierarchical classification of XSS payloads. In addition, we present a comprehensive sur- vey of publicly documented XSS payloads which is structured according to our proposed classification scheme. Secondly, we explore defensive mechanisms which dynamically prevent the execution of some payload types without eliminating the actual vulnerability. More specifically, we discuss the design and implementation of countermeasures against the XSS payloads “Session Hijacking”, “Cross-site Request Forgery”, and attacks that target intranet re- sources. We build upon this and introduce a general methodology for developing such countermeasures: We determine a necessary set of basic capabilities an adversary needs for successfully executing an attack through an analysis of the targeted payload type. The resulting countermeasure relies on revoking one of these capabilities, which in turn renders the payload infeasible. Finally, we present two language-based approaches that prevent XSS and related vul- nerabilities: We identify the implicit mixing of data and code during string-based syn- tax assembly as the root cause of string-based code injection attacks.
    [Show full text]
  • Javascript: the First 20 Years
    JavaScript: The First 20 Years ALLEN WIRFS-BROCK, Wirfs-Brock Associates, Inc., USA BRENDAN EICH, Brave Software, Inc., USA Shepherds: Sukyoung Ryu, KAIST, South Korea Richard P. Gabriel: poet, writer, computer scientist How a sidekick scripting language for Java, created at Netscape in a ten-day hack, ships first as a de facto Web standard and eventually becomes the world’s most widely used programming language. This paper tells the story of the creation, design, evolution, and standardization of the JavaScript language over the period of 1995–2015. But the story is not only about the technical details of the language. It is also the story of how people and organizations competed and collaborated to shape the JavaScript language which dominates the Web of 2020. CCS Concepts: • General and reference ! Computing standards, RFCs and guidelines; • Information systems ! World Wide Web; • Social and professional topics ! History of computing; History of programming languages; • Software and its engineering ! General programming languages; Scripting languages. Additional Key Words and Phrases: JavaScript, ECMAScript, Standards, Web browsers, Browser game theory, History of programming languages ACM Reference Format: Allen Wirfs-Brock and Brendan Eich. 2020. JavaScript: The First 20 Years. Proc. ACM Program. Lang. 4, HOPL (June 2020), 190 pages. https://doi.org/10.1145/3386327 1 INTRODUCTION In 2020, the World Wide Web is ubiquitous with over a billion websites accessible from billions of Web-connected devices. Each of those devices runs a Web browser or similar program which is able to process and display pages from those sites. The majority of those pages embed or load source code written in the JavaScript programming language.
    [Show full text]
  • TESIS JOSE MAZA 2018.Pdf
    UNIVERSIDAD PARTICULAR DE CHICLAYO FACULTAD DE ARQUITECTURA Y URBANISMO E INGENIERIAS ESCUELA PROFESIONAL DE INGENIERIA INFORMATICA Y DE SISTEMAS TRABAJO DE SUFICIENCIA PROFESIONAL “IMPLEMENTACIÓN DE UNA APLICACIÓN WEB PARA EL SEGUIMIENTO DE PERSONAS MAYORES DE EDAD UTILIZANDO GEOLOCALIZACIÓN DESDE UN DISPOSITIVO ANDROID CONECTADO A UN SERVIDOR WEB CON MYSQL” PARA OPTAR EL TÍTULO PROFESIONAL DE: INGENIERO INFORMÁTICO Y DE SISTEMAS AUTOR: Bach. Maza Montes Jose Waldir Chiclayo, mayo de 2017 SUSTENTACIÓN DE TRABAJO DE SUFICIENCIA PROFESIONAL TITULO: “IMPLEMENTACIÓN DE UNA APLICACIÓN WEB PARA EL SEGUIMIENTO DE PERSONAS MAYORES DE EDAD UTILIZANDO GEOLOCALIZACIÓN DESDE UN DISPOSITIVO ANDROID CONECTADO A UN SERVIDOR WEB CON MYSQL" Presentado como requisito para optar el Título Profesional de INGENIERO INFORMÁTICO Y DE SISTEMAS, sustentado por: ___________________________________ Jose Waldir Maza Montes Bachiller en Ingeniería Informática y de Sistemas Aprobado por los siguientes Miembros de Jurado: Ing. Cristian Quesada Machado PRESIDENTE Ing. Eduardo Arrascue Becerra SECRETARIO Ing. Luis Aguilar Fernández VOCAL Fecha de Sustentación: Chiclayo, 19 de mayo de 2017 2 DEDICATORIA El presente se lo dedico a mi dios quien supo guiarme por el buen camino, darme fuerzas para seguir adelante y no desmayar en los problemas que se presentaban, enseñándome a encarar las actividades sin perder nunca la dignidad ni desfallecer en el intento. A mi familia quienes por ellos soy lo que soy. Para mis padres por su apoyo consejos, comprensión, amor, ayuda en los momentos difíciles, y por ayudarme con los recursos necesarios para estudiar. Me han dado todo lo que soy como persona, mis valores, mis principios, mi carácter, mi empeño, mi perseverancia, mi coraje para conseguir mis objetivos.
    [Show full text]
  • Language and Framework Support for Reviewably- Secure Software Systems
    Language and Framework Support for Reviewably- Secure Software Systems Adrian Mettler Electrical Engineering and Computer Sciences University of California at Berkeley Technical Report No. UCB/EECS-2012-244 http://www.eecs.berkeley.edu/Pubs/TechRpts/2012/EECS-2012-244.html December 13, 2012 Copyright © 2012, by the author(s). All rights reserved. Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise, to republish, to post on servers or to redistribute to lists, requires prior specific permission. Language and Framework Support for Reviewably-Secure Software Systems by Adrian Matthew Mettler A dissertation submitted in partial satisfaction of the requirements for the degree of Doctor of Philosophy in Computer Science in the Graduate Division of the University of California, Berkeley Committee in charge: Professor David Wagner, Chair Professor Deirdre Mulligan Professor Dawn Song Fall 2012 Language and Framework Support for Reviewably-Secure Software Systems Copyright 2012 by Adrian Matthew Mettler 1 Abstract Language and Framework Support for Reviewably-Secure Software Systems by Adrian Matthew Mettler Doctor of Philosophy in Computer Science University of California, Berkeley Professor David Wagner, Chair My thesis is that languages and frameworks can and should be designed to make it easier for programmers to write reviewably secure systems. A system is reviewably secure if its security is easy for an experienced programmer to verify, given access to the source code.
    [Show full text]
  • The Checker Framework Manual: Custom Pluggable Types for Java
    The Checker Framework Manual: Custom pluggable types for Java https://checkerframework.org/ Version 2.5.7 (4 Nov 2018) For the impatient: Section 1.3 (page 13) describes how to install and use pluggable type-checkers. Contents 1 Introduction 12 1.1 How to read this manual . 13 1.2 How it works: Pluggable types . 13 1.3 Installation . 13 1.4 Example use: detecting a null pointer bug . 13 2 Using a checker 15 2.1 Writing annotations . 15 2.2 Running a checker . 16 2.2.1 Using annotated libraries . 16 2.2.2 Distributing your annotated project . 17 2.2.3 Summary of command-line options . 17 2.2.4 Checker auto-discovery . 19 2.2.5 Shorthand for built-in checkers . 19 2.3 What the checker guarantees . 19 2.4 Tips about writing annotations . 20 2.4.1 Write annotations before you run a checker . 20 2.4.2 How to get started annotating legacy code . 20 2.4.3 Annotations indicate non-exceptional behavior . 22 2.4.4 Subclasses must respect superclass annotations . 22 2.4.5 Annotations on constructor invocations . 23 2.4.6 What to do if a checker issues a warning about your code . 24 3 Nullness Checker 26 3.1 What the Nullness Checker checks . 26 3.2 Nullness annotations . 27 3.2.1 Nullness qualifiers . 27 3.2.2 Nullness method annotations . 28 3.2.3 Initialization qualifiers . 28 3.2.4 Map key qualifiers . 28 3.3 Writing nullness annotations . 29 3.3.1 Implicit qualifiers . 29 3.3.2 Default annotation .
    [Show full text]
  • 3Rd USENIX Conference on Web Application Development (Webapps ’12)
    conference proceedings Proceedings of the 3rd USENIX Conference Application on Web Development 3rd USENIX Conference on Web Application Development (WebApps ’12) Boston, MA, USA June 13, 2012 Boston, MA, USA Sponsored by June 13, 2012 © 2012 by The USENIX Association All Rights Reserved This volume is published as a collective work. Rights to individual papers remain with the author or the author’s employer. Permission is granted for the noncommercial reproduction of the complete work for educational or research purposes. Permission is granted to print, primarily for one person’s exclusive use, a single copy of these Proceedings. USENIX acknowledges all trademarks herein. ISBN 978-931971-94-2 USENIX Association Proceedings of the 3rd USENIX Conference on Web Application Development June 13, 2012 Boston, MA, USA Conference Organizers Program Chair Michael Maximilien, IBM Research—Watson Program Committee Patrick Chanezon, VMware, Inc. Christopher Grier, University of California, Berkeley Robert Johnson, Facebook, Inc. Emre Kıcıman, Microsoft Research Raffi Krikorian, Twitter, Inc. James Mickens, Microsoft Research Subbu Subramanian, Facebook, Inc. Samuel Talmadge King, University of Illinois at Urbana-Champaign The USENIX Association Staff External Reviewers David Huang Ajith Ranabahu WebApps ’12: 3rd USENIX Conference on Web Application Development June 13, 2012 Boston, MA, USA Message from the Program Chair ................................................................ v Wednesday, June 13 11:00–12:30 Papers 1: JavaScript, Social Modeling
    [Show full text]
  • Improving Scalability of Symbolic Execution for Software with Complex Environment Interfaces
    Improving Scalability of Symbolic Execution for Software with Complex Environment Interfaces THÈSE NO 6719 (2015) PRÉSENTÉE LE 13 JUILLET 2015 À LA FACULTÉ INFORMATIQUE ET COMMUNICATIONS LABORATOIRE DES SYSTEMES FIABLES PROGRAMME DOCTORAL EN INFORMATIQUE ET COMMUNICATIONS ÉCOLE POLYTECHNIQUE FÉDÉRALE DE LAUSANNE POUR L'OBTENTION DU GRADE DE DOCTEUR ÈS SCIENCES PAR Stefan, BUCUR acceptée sur proposition du jury: Prof. J. R. Larus, président du jury Prof. G. Candea, directeur de thèse Prof. V. Adve, rapporteur Prof. J. Kinder, rapporteur Prof. W. Zwaenepoel, rapporteur Suisse 2015 2 Abstract (German) Manuelles Testen von Software ist aufwändig und fehleranfällig. Dennoch ist es die unter Fach- leuten beliebteste Methode zur Qualitätssicherung. Die Automatisierung des Testprozesses ver- spricht eine höhere Effektivität insbesondere zum Auffinden von Fehlern in Randfällen. Sym- bolische Softwareausführung zeichnet sich als automatische Testtechnik dadurch aus, dass sie keine falsch positiven Resultate hat, mögliche Programmausführungen abschliessend aufzählt, und besonders interessante Ausführungen prioritisieren kann. In der Praxis erschwert jedoch die so- genannte Path Explosion – die Tatsache, dass die Anzahl Programmausführungen im Verhältnis zur Programmgrösse exponentiell ansteigt – die Anwendung von Symbolischer Ausführung, denn Software besteht heutzutage oft aus Millionen von Zeilen Programmcode. Um Software effizient symbolisch zu testen, nutzen Entwickler die Modularität der Software und testen die einzelnen Systemkomponenten separat. Eine Komponente benötigt jedoch eine Umgebung, in der sie ihre Aufgabe erfüllen kann. Die Schnittstelle zu dieser Umgebung muss von der symbolischen Ausführungsplattform bereitgestellt werden, und zwar möglichst effizient, präzis und komplett. Dies ist das Umgebungsproblem. Es ist schwierig, das Umgebungsprob- lem ein für alle mal zu lösen, denn seine Natur hängt von der gegebenen Schnittstelle und ihrer Implementierung ab.
    [Show full text]