TAJ: Effective taint analysis of web applications

ACM SIGPLAN Notices

Volumn 44, Issue 6, 2009, Pages 87-97

  Tripp, Omer ^a   Pistoia, Marco ^b   Fink, Stephen ^b   Sridharan, Manu ^b   Weisman, Omri ^a  

^a IBM   (United States)

^b IBM T J WATSON RESEARCH CENTER   (United States)

Author keywords

Information flow; Integrity; Security; Static analysis; Taint analysis; Web applications

Indexed keywords

INFORMATION FLOW; INTEGRITY; SECURITY; TAINT ANALYSIS; WEB APPLICATIONS;

STATIC ANALYSIS; WORLD WIDE WEB;

JAVA PROGRAMMING LANGUAGE;

EID: 67650821903     PISSN: 15232867     EISSN: None     Source Type: Journal    
DOI: None     Document Type: Conference Paper

References (40)

1. L. O. Andersen. Program Analysis and Specialization for the C Programming Language. PhD thesis, University of Copenhagen, Denmark, 1994.
2. K. Ashcraft and D. Engler. Using Programmer-Written Compiler Extensions to Catch Security Holes. In S&P 2002.
3. R. Bodík, R. Gupta, and V. Sarkar. ABCD: Eliminating Array Bounds Checks on Demand. In PLDI 2000.
4. W. Chang, B. Streiff, and C. Lin. Efficient and Extensible Security Enforcement Using Dynamic Data Flow Analysis. In CCS 2008.
5. P. Cousot and R. Cousot. Modular Static Program Analysis. In CC 2002.
6. R. Cytron, J. Ferrante, B. K. Rosen, M. N. Wegman, and F. K. Zadeck. Efficiently Computing Static Single Assignment Form and the Control Dependence Graph. TOPLAS, 13(4), 1991.
7. D. E. Denning. A Lattice Model of Secure Information Flow. CACM, 19(5), 1976.
8. D. E. Denning and P. J. Denning. Certification of Programs for Secure Information Flow. CACM, 20(7), 1977.
9. S. Fink, J. Dolby, and L. Colby. Semi-Automatic J2EE Transaction Configuration. IBM Research Report RC23326, 2004.
10. S. Fink, E. Yahav, N. Dor, G. Ramalingam, and E. Geay. Effective Typestate Verification in the Presence of Aliasing. In ISSTA 2006.
11. J. S. Foster, T. Terauchi, and A. Aiken. Flow-Sensitive Type Qualifiers. In PLDI 2002.
12. J. A. Goguen and J. Meseguer. Security Policies and Security Models. In S&P 1982.
13. C. Hammer, J. Krinke, and G. Snelting. Information Flow Control for Java Based on Path Conditions in Dependence Graphs. In ISSSE 2006.
14. R. Hasti and S. Horwitz. Using Static Single Assignment Form to Improve Flow-insensitive Pointer Analysis. In PLDI 1998.
15. N. Heintze and O. Tardieu. Demand-Driven Pointer Analysis. In PLDI 2001.
16. S. Horwitz, T. W. Reps, and D. Binkley. Interprocedural Slicing Using Dependence Graphs. In PLDI 1988.
17. IBM Rational AppScan Developer Edition (AppScan DE), http: //www.ibm.com/software/awdtools/appscan/developer
18. O. Lhoták and L. J. Hendren. Context-Sensitive Points-to Analysis: Is It Worth It? In CC 2006.
19. B. Livshits, J. Whaley, and M. S. Lam. Reflection Analysis for Java. In ASPLAS 2005.
20. V. B. Livshits and M. S. Lam. Finding Security Vulnerabilities in Java Applications with Static Analysis. In USENIX Security 2005.
21. S. McCamant and M. D. Ernst. Quantitative Information Flow as Network Flow Capacity. In PLDI 2008.
22. A. Milanova, A. Rountev, and B. G. Ryder. Parameterized Object Sensitivity for Points-to Analysis for Java. TOSEM, 14(1), 2005.
23. Y. Minamide. Static Approximation of Dynamically Generated Web Pages. In WWW 2005.
24. A. C. Myers. JFlow: Practical Mostly-static Information Flow Control. In POPL 1999.
25. A. C. Myers and B. Liskov. A Decentralized Model for Information Flow Control. In SOSP 1997.
26. OWASP, http://www.owasp.org.
27. M. Pistoia, R. J. Flynn, L. Koved, and V. C. Sreedhar. Interprocedural Analysis for Privileged Code Placement and Tainted Variable Detection. In ECOOP 2005.
28. T. Reps, S. Horwitz, and M. Sagiv. Precise Interprocedural Dataflow Analysis via Graph Reachability. In POPL 1995.
29. B. G. Ryder. Dimensions of Precision in Reference Analysis of Object-Oriented Languages. In CC 2003. Invited Paper.
30. U. Shankar, K. Talwar, J. S. Foster, and D. Wagner. Detecting Format String Vulnerabilities with Type Qualifiers. In USENIX Security 2001.
31. G. Snelting, T. Robschink, and J. Krinke. Efficent Path Conditions in Dependence Graphs for Software Safety Analysis. TOSEM, 15(4), 2006.
32. M. Sridharan and R. Bodík. Refinement-based Context-sensitive Points-to Analysis for Java. In PLDI 2006.
33. M. Sridharan, S. J. Fink, and R. Bodík. Thin Slicing. In PLDI 2007.
34. Stanford SecuriBench Micro, http://suif.stanford.edu/ ∼livshits/work/securibench-micro.
35. T. J. Watson Libraries for Analysis (WALA), http://wala.sf.net.
36. D. Volpano, C. Irvine, and G. Smith. A Sound Type System for Secure Flow Analysis. JCS, 4(2-3), 1996.
37. rd edition, 2000.
38. G. Wassermann and Z. Su. Sound and Precise Analysis of Web Applications for Injection Vulnerabilities. In PLDI 2007.
39. G. Wassermann and Z. Su. Static Detection of Cross-site Scripting Vulnerabilities. In ICSE 2008.
40. J. Whaley and M. S. Lam. Cloning Based Context-Sensitive Pointer Alias Analysis Using Binary Decision Diagrams. In PLDI 2004.