서브메뉴
검색
상세정보
Lost in Translation: Security and Bug-Finding in Foreign Function Interfaces and Multi Language Programs.- [electronic resources]
Lost in Translation: Security and Bug-Finding in Foreign Function Interfaces and Multi Language Programs.- [electronic resources]
상세정보
- 자료유형
- 학위논문(국외)
- 자관 청구기호
- 기본표목-개인명
- 표제와 책임표시사항
- Lost in Translation: Security and Bug-Finding in Foreign Function Interfaces and Multi Language Programs. - [electronic resources]
- 발행, 배포, 간사 사항
- 발행, 배포, 간사 사항
- 형태사항
- 133 p.
- 일반주기
- Source: Dissertations Abstracts International, Volume: 87-05, Section: B.
- 일반주기
- Advisor: Kim, Taesoo.
- 학위논문주기
- Thesis (Ph.D.)--Georgia Institute of Technology, 2025.
- 요약 등 주기
- 요약Modern software programs often make use of multiple programming languages. Each language has its own set of advantages and disadvantages. High-level languages like Java and Python allow rapid prototyping and fast development speeds without having to worry about low-level details such as memory management. Low-level systems programming languages like C allow for easier interfacing with hardware and can be used to write very high performance code. However, they require the programmer to manage memory carefully, lest they introduce critical memory safety issues.Due to these differences and disparities in the semantics and security considerations of different languages, there is a likelihood of security issues being introduced when programmers context-switch between writing in multiple languages. For example, a programmer who is used to array accesses being bounds-checked by the language may end up introducing a spatial memory-safety issue with an out-of-bounds access. One who is used to garbage collection and is unfamiliar with the nuances of manual memory management may introduce a use-after-free vulnerability.In this thesis, we start by taking a look at a broad survey of how these multi-language programs and foreign function interfaces are implemented. We dive into the details of how complexity can leak in these multi-language programs. Next, we apply existing vulnerability discovery techniques on Android to find these cross-language bugs at language layers between Java and C/C++ using the Java Native Interface (JNI).Finally, this thesis presents a novel technique that eases the burden of implementing concolic testing for any programming language. Through the use of a simple debugging feature of line-by-line execution and a Large Language Model (LLM), we produce produce constraints in a verifiable manner. We show these concolic testing engines to be sound and use them for hybrid fuzzing of cross-language programs.
- 주제명부출표목-일반주제명
- 주제명부출표목-일반주제명
- 주제명부출표목-일반주제명
- 주제명부출표목-일반주제명
- 주제명부출표목-일반주제명
- 주제명부출표목-일반주제명
- 주제명부출표목-일반주제명
- 주제명부출표목-일반주제명
- 부출표목-단체명
- 기본자료저록
- Dissertations Abstracts International. 87-05B.
- 전자적 위치 및 접속
- 원문정보보기
MARC
008260219s2025 us s 000c||eng d■001000017360473
■00520260202105532
■006m o d
■007cr#unu||||||||
■020 ▼a9798263344108
■035 ▼a(MiAaPQ)AAI32309891
■035 ▼a(MiAaPQ)GeorgiaTech77900
■040 ▼aMiAaPQ▼cMiAaPQ
■0820 ▼a001
■090 ▼a전자자료
■1001 ▼aAskar, Ammar.
■24510▼aLost in Translation: Security and Bug-Finding in Foreign Function Interfaces and Multi Language Programs.▼h[electronic resources]
■260 ▼a[S.l.]▼bGeorgia Institute of Technology. ▼c2025
■260 1▼aAnn Arbor▼bProQuest Dissertations & Theses▼c2025
■300 ▼a133 p.
■500 ▼aSource: Dissertations Abstracts International, Volume: 87-05, Section: B.
■500 ▼aAdvisor: Kim, Taesoo.
■5021 ▼aThesis (Ph.D.)--Georgia Institute of Technology, 2025.
■520 ▼aModern software programs often make use of multiple programming languages. Each language has its own set of advantages and disadvantages. High-level languages like Java and Python allow rapid prototyping and fast development speeds without having to worry about low-level details such as memory management. Low-level systems programming languages like C allow for easier interfacing with hardware and can be used to write very high performance code. However, they require the programmer to manage memory carefully, lest they introduce critical memory safety issues.Due to these differences and disparities in the semantics and security considerations of different languages, there is a likelihood of security issues being introduced when programmers context-switch between writing in multiple languages. For example, a programmer who is used to array accesses being bounds-checked by the language may end up introducing a spatial memory-safety issue with an out-of-bounds access. One who is used to garbage collection and is unfamiliar with the nuances of manual memory management may introduce a use-after-free vulnerability.In this thesis, we start by taking a look at a broad survey of how these multi-language programs and foreign function interfaces are implemented. We dive into the details of how complexity can leak in these multi-language programs. Next, we apply existing vulnerability discovery techniques on Android to find these cross-language bugs at language layers between Java and C/C++ using the Java Native Interface (JNI).Finally, this thesis presents a novel technique that eases the burden of implementing concolic testing for any programming language. Through the use of a simple debugging feature of line-by-line execution and a Large Language Model (LLM), we produce produce constraints in a verifiable manner. We show these concolic testing engines to be sound and use them for hybrid fuzzing of cross-language programs.
■590 ▼aSchool code: 0078.
■650 4▼aSoftware.
■650 4▼aJava.
■650 4▼aProgramming languages.
■650 4▼aLibraries.
■650 4▼aPython.
■650 4▼aC plus plus.
■650 4▼aLarge language models.
■650 4▼aSemantics.
■690 ▼a0800
■71020▼aGeorgia Institute of Technology.
■7730 ▼tDissertations Abstracts International▼g87-05B.
■790 ▼a0078
■791 ▼aPh.D.
■792 ▼a2025
■793 ▼aEnglish
■85640▼uhttp://www.riss.kr/pdu/ddodLink.do?id=T17360473▼nKERIS▼z이 자료의 원문은 한국교육학술정보원에서 제공합니다.
