Holistic Concolic Execution for Dynamic Web Applications via Symbolic Interpreter Analysis
Penghui Li, Wei Meng, Mingxue Zhang, Chenlin Wang, Changhua Luo
IEEE Symposium on Security and Privacy 2024 · Day 1 · Continental Ballroom 4
This talk, presented by Penghui Li from Zhejiang University, introduces a novel approach to **concolic execution** for dynamic web applications, dubbed **Symbolic Interpreter Analysis (SIA)**. Developed in collaboration with the Chinese University of Hong Kong and Zhejiang University, this work directly tackles the long-standing challenge of analyzing multilingual web applications, where components are often written in different programming languages (e.g., PHP and C). The core innovation lies in leveraging the language interpreter itself as the primary target for symbolic analysis, rather than attempting to model high-level language constructs.
AI review
This research introduces Symbolic Interpreter Analysis (SIA), a novel concolic execution approach for multilingual web applications that directly targets the language interpreter's C implementation. It significantly outperforms prior modeling-based methods in coverage and vulnerability detection by providing a holistic, accurate, and scalable analysis, overcoming long-standing challenges in the field.