MSE Research Project Database

Effective software vulnerability detection for web services

Project Leader: Peter Stuckey
Staff: Peter Stuckey, Harald Sondergaard, Peter Schachte
Collaborators: Graeme Gange (CIS), Roberto Amidini (CIS), Francois Gauthier (Oracle), Alexander Jordan (Oracle)
Sponsors: Oracle, Australian Research Council
Primary Contact: Peter Stuckey (
Disciplines: Computing and Information Systems
Domains: Networks and data in society

This project will design and implement new and better methods to find vulnerabilities in software services delivered over the web or through the cloud, as well as methods for proving the absence of certain types of vulnerability. So-called injection attacks are pervasive and generally considered the most important security threat on today's Internet. The programming languages used for software services tend to use strings as a universal data structure, which unfortunately makes it hard to separate trusted code from untrusted user- provided data. This project will develop novel program analysis tools and string constraint solvers, and employ these tools to support sophisticated automated reasoning about string manipulating software.