Static program analysis for string manipulation languages

In recent years, dynamic languages, such as JavaScript or Python, have been increasingly used in a wide range of fields and applications. Their tricky and misunderstood behaviors pose a hard challenge for static analysis of these programming languages. A key aspect of any dynamic language program is the multiple usage of strings, since they can be implicitly converted to another type value, transformed by string-to-code primitives or used to access an object-property. Unfortunately, string analyses for dynamic languages still lack precision and do not take into account some important string features. Moreover, string obfuscation is very popular in the context of dynamic language malicious code, for example, to hide code information inside strings and then to dynamically transform strings into executable code. In this scenario, more precise string analyses become a necessity. This paper is placed in the context of static string analysis by abstract interpretation and proposes a new semantics for string analysis, placing a first step for handling dynamic languages string features

Analyzing Dynamic Code: A Sound Abstract Interpreter for Evil Eval

Dynamic languages, such as JavaScript, employ string-to-code primitives to turn dynamically generated text into executable code at run-time. These features make standard static analysis extremely hard if not impossible, because its essential data structures, i.e., the control-flow graph and the system of recursive equations associated with the program to analyze, are themselves dynamically mutating objects. Nevertheless, assembling code at run-time by manipulating strings, such as by eval in JavaScript, has been always strongly discouraged, since it is often recognized that "eval is evil,"leading static analyzers to not consider such statements or ignoring their effects. Unfortunately, the lack of formal approaches to analyze string-to-code statements pose a perfect habitat for malicious code, that is surely evil and do not respect good practice rules, allowing them to hide malicious intents as strings to be converted to code and making static analyses blind to the real malicious aim of the code. Hence, the need to handle string-to-code statements approximating what they can execute, and therefore allowing the analysis to continue (even in the presence of dynamically generated program statements) with an acceptable degree of precision, should be clear. To reach this goal, we propose a static analysis allowing us to collect string values and to soundly over-approximate and analyze the code potentially executed by a string-to-code statement

Improving dynamic code analysis by code abstraction

In this paper, our aim is to propose a model for code abstraction, based on abstract interpretation, allowing us to improve the precision of a recently proposed static analysis by abstract interpretation of dynamic languages. The problem we tackle here is that the analysis may add some spurious code to the string-to-execute abstract value and this code may need some abstract representations in order to make it analyzable. This is precisely what we propose here, where we drive the code abstraction by the analysis we have to perform

A sound abstract interpreter for dynamic code

Dynamic languages, such as JavaScript, employ string-to-code primitives to turn dynamically generated text into executable code at run-time. These features make standard static analysis extremely hard if not impossible because its essential data structures, i.e., the control-flow graph and the system of recursive equations associated with the program to analyze, are themselves dynamically mutating objects. Hence, the need to handle string-to-code statements approximating what they can execute, and therefore allowing the analysis to continue (even in presence of string-to-code statements) with an acceptable degree of precision. In order to reach this goal, we propose a static analysis allowing us to collect string values and allowing us to soundly over-approximate and analyze the code potentially executed by a string-to-code statement

An abstract domain for objects in dynamic programming languages

Dynamic languages, such as JavaScript, PHP, Python or Ruby, provide a memory model for objects data structures allowing programmers to dynamically create, manipulate, and delete objects’ properties. Moreover, in dynamic languages it is possible to access and update properties by using strings: this represents a hard challenge for static analysis. In this paper, we exploit the finite state automata abstract domain, approximating strings, in order to define a novel abstract domain for objects. We design an abstract interpreter useful to analyze objects in a toy language, inspired by real-word dynamic programming languages. We then show, by means of minimal yet expressive examples, the precision of the proposed abstract domain

Static analysis for ECMAscript string manipulation programs

In recent years, dynamic languages, such as JavaScript or Python, have been increasingly used in a wide range of fields and applications. Their tricky and misunderstood behaviors pose a great challenge for static analysis of these languages. A key aspect of any dynamic language program is the multiple usage of strings, since they can be implicitly converted to another type value, transformed by string-to-code primitives or used to access an object-property. Unfortunately, string analyses for dynamic languages still lack precision and do not take into account some important string features. In this scenario, more precise string analyses become a necessity. The goal of this paper is to place a first step for precisely handling dynamic language string features. In particular, we propose a new abstract domain approximating strings as finite state automata and an abstract interpretation-based static analysis for the most common string manipulating operations provided by the ECMAScript specification. The proposed analysis comes with a prototype static analyzer implementation for an imperative string manipulating language, allowing us to show and evaluate the improved precision of the proposed analysis

Completeness of string analysis for dynamic languages

In Abstract Interpretation, completeness ensures that the analysis does not lose information with respect to the property of interest. In particular, for dynamic languages like JavaScript, completeness of string analysis is a key security issue, as poorly managed string manipulation code may easily lead to significant security flaws. In this paper, we provide a systematic and constructive approach for generating the completion of string domains for dynamic languages, and we apply it to the refinement of existing string abstractions. We also provide an effective procedure to measure the precision improvement obtained when lifting the analysis to complete domains

Salmonella Paratyphi A Outer Membrane Vesicles Displaying Vi Polysaccharide as a Multivalent Vaccine against Enteric Fever.

Typhoid and paratyphoid fevers have a high incidence worldwide and coexist in many geographical areas, especially in low-middle-income countries (LMIC) in South and Southeast Asia. There is extensive consensus on the urgent need for better and affordable vaccines against systemic Salmonella infections. Generalized modules for membrane antigens (GMMA), outer membrane exosomes shed by Salmonella bacteria genetically manipulated to increase blebbing, resemble the bacterial surface where protective antigens are displayed in their native environment. Here, we engineered S Paratyphi A using the pDC5-viaB plasmid to generate GMMA displaying the heterologous S Typhi Vi antigen together with the homologous O:2 O antigen. The presence of both Vi and O:2 was confirmed by flow cytometry on bacterial cells, and their amount was quantified on the resulting vesicles through a panel of analytical methods. When tested in mice, such GMMA induced a strong antibody response against both Vi and O:2, and these antibodies were functional in a serum bactericidal assay. Our approach yielded a bivalent vaccine candidate able to induce immune responses against different Salmonella serovars, which could benefit LMIC residents and travelers.BactiVac catalyst Grant in collaboration with GSK

Long term impact of systemic bacterial infection on the cerebral vasculature and microglia

Background: Systemic infection leads to generation of inflammatory mediators that result in metabolic and behavioural changes. Repeated or chronic systemic inflammation leads to a state of innate immune tolerance: a protective mechanism against over-activity of the immune system. In this study we investigated the immune adaptation of microglia and brain vascular endothelial cells in response to systemic inflammation or bacterial infection. Methods: Mice were given repeated doses of lipopolysaccharide (LPS) or a single injection of live Salmonella typhimurium. Inflammatory cytokines were measured in serum, spleen and brain, and microglial phenotype studied by immunohistochemistry.mice were infected with Salmonella typhimurium and subsequently challenged with a focal unilateral, intracerebral injection of LPS. Results: Repeated systemic LPS challenges resulted in increased brain IL-1?, TNF? and IL-12 levels, despite attenuated systemic cytokine production. Each LPS challenge induced significant changes in burrowing behaviour. In contrast, brain IL-1? and IL-12 levels in Salmonella typhimurium infected mice increased over three weeks, with high interferon-? levels in the circulation. Behavioural changes were only observed during the acute phase of the infection. Microglia and cerebral vasculature display an activated phenotype, and focal intracerebral injection of LPS 4 weeks after infection results in an exaggerated local inflammatory response when compared to non-infected mice. Conclusions: These studies reveal that the innate immune cells in the brain do not become tolerant to systemic infection, but are primed instead. This may lead to prolonged and damaging cytokine production that may have aprofound effect on the onset and/ or progression of pre-existing neurodegenerative disease.Humans and animals are regularly exposed to bacterial and viral pathogens that can have a considerable impact on our day-to-day living [1]. Upon infection, a set of immune, physiological, metabolic, and behavioural responses is initiated, representing a highly organized strategy of the organism to fight infection. Pro-inflammatory mediators generated in peripheral tissue communicate with the brain to modify behaviour [2], which aids our ability to fight and eliminate the pathogen. The communication pathways from the site of inflammation to the brain have been investigated in animal models and systemic challenge with lipopolysaccharide (LPS) or double stranded RNA (poly I:C) have been widely used to mimic aspects of bacterial and viral infection respectively [3, 4]. These studies have provided evidence that systemically generated inflammatory mediators signal to the brain via both neural and humoral routes, the latter signalling via the circumventricular organs or across the blood-brain barrier (BBB). Signalling into the brain via these routes evokes a response in the perivascular macrophages (PVMs) and microglia, which in turn synthesise diverse inflammatory mediators including cytokines, prostaglandins and nitric oxide [2, 5, 6]. Immune-to-brain communication also occurs in humans who show changes in mood and cognition following systemic inflammation or infection, which are associated with changes in activity in particular regions of the CNS [7-9]. While these changes are part of our normal homeostasis, it is increasingly evident that systemic inflammation has a detrimental effect in animals and also humans, that suffer from chronic neurodegeneration [10, 11]. We, and others, have shown that microglia become primed by on-going neuropathology in the brain, which increases their response towards subsequent inflammatory stimuli, including systemic inflammation [12, 13] Similar findings have been made in aged rodents [14, 15], where it has been shown that there is an exaggerated behavioural and innate immune response in the brainto systemic bacterial and viral infections, but the molecular mechanisms underlying the microglial priming under these conditions is far from understood.Humans and animals are rarely exposed to a single acute systemic inflammatory event: they rather encounter infectious pathogens that replicate in vivo or are exposed to low concentrations of LPS over a prolonged period of time. There is limited information on the impact of non-neurotrophic bacterial infections on the CNS and whether prolonged systemic inflammation will give rise to either a hyper-(priming) or hypo-(tolerance) innate immune response in the brain in response to a subsequent inflammatory stimulus.In this study we measured the levels of cytokines in the serum, spleen and brain as well as assessing sickness behaviour following a systemic bacterial infection using attenuated Salmonella typhimurium SL3261: we compared the effect to that of repeated LPS injections. We show that Salmonella typhimurium caused acute, transient behavioural changes and a robust peripheral immune response that peaks at day 7. Systemic inflammation resulted in a delayed increase in cytokine production in the brain and priming of microglia, which persisted up to four weeks post infection. These effects were not mimicked by repeated LPS challenges. It is well recognised that systemic bacterial and viral infections are significant contributors to morbidity in the elderly [16], and it has been suggested that primed microglia play a role in the increased clinical symptoms seen in patients with Alzheimer’s disease who have systemic inflammation or infections [11, 17]. We show here that systemic infection leads to prolonged cytokine synthesis in the brain and also priming of brain innate immune cells to a subsequent focal inflammatory challenge in the brain parenchyma

Divergent Roles of Salmonella Pathogenicity Island 2 and Metabolic Traits during Interaction of S. enterica Serovar Typhimurium with Host Cells

The molecular mechanisms of virulence of the gastrointestinal pathogen Salmonella enterica are commonly studied using cell culture models of infection. In this work, we performed a direct comparison of the interaction of S. enterica serovar Typhimurium (S. Typhimurium) with the non-polarized epithelial cell line HeLa, the polarized cell lines CaCo2, T84 and MDCK, and macrophage-like RAW264.7 cells. The ability of S. Typhimurium wild-type and previously characterized auxotrophic mutant strains to enter host cells, survive and proliferate within mammalian cells and deploy the Salmonella Pathogenicity Island 2-encoded type III secretion system (SPI2-T3SS) was quantified. We found that the entry of S. Typhimurium into polarized cells was much more efficient than entry into non-polarized cells or phagocytic uptake. While SPI2-T3SS dependent intracellular proliferation was observed in HeLa and RAW cells, the intracellular replication in polarized cells was highly restricted and not affected by defective SPI2-T3SS. The contribution of aromatic amino acid metabolism and purine biosynthesis to intracellular proliferation was distinct in the various cell lines investigated. These observations indicate that the virulence phenotypes of S. Typhimurium are significantly affected by the cell culture model applied