Andromeda: Accurate and scalable security analysis of web applications

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 7793 LNCS, Issue , 2013, Pages 210-225

  Tripp, Omer ^a,b   Pistoia, Marco ^c   Cousot, Patrick ^d   Cousot, Radhia ^e   Guarnieri, Salvatore ^b,f  

^a TEL AVIV UNIVERSITY   (Israel)

^b IBM   (United States)

^c IBM T J WATSON RESEARCH CENTER   (United States)

^d NEW YORK UNIVERSITY   (United States)

^e ECOLE NORMALE SUPÉRIEURE   (France)

^f UNIVERSITY OF WASHINGTON   (United States)

Author keywords

Abstract Interpretation; Information Flow; Integrity; Security; Static Analysis; Taint Analysis

Indexed keywords

ABSTRACT INTERPRETATIONS; INFORMATION FLOWS; INTEGRITY; SECURITY; TAINT ANALYSIS;

JAVA PROGRAMMING LANGUAGE; SOFTWARE ENGINEERING; STATIC ANALYSIS;

DATA FLOW ANALYSIS;

EID: 84874382751     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-642-37057-1_15     Document Type: Conference Paper

References (40)

1. Andersen, L.O.: Program Analysis and Specialization for the C Programming Language. PhD thesis, University of Copenhagen, Copenhagen, Denmark (May 1994)
2. Ashcraft, K., Engler, D.: Using Programmer-Written Compiler Extensions to Catch Security Holes. In: S&P (2002)
3. Bacon, D.F., Sweeney, P.F.: Fast static analysis of c++ virtual function calls. In: OOPSLA, pp. 324-341 (1996)
4. Chang, W., Streiff, B., Lin, C.: Efficient and Extensible Security Enforcement Using Dynamic Data Flow Analysis. In: CCS (2008)
5. Cheng, B., Hwu,W.W.: Modular interprocedural pointer analysis using access paths: design, implementation, and evaluation. In: Proceedings of the ACM SIGPLAN 2000 Conference on Programming Language Design and Implementation, pp. 57-69 (2000)
6. Cousot, P., Cousot, R.: Abstract Interpretation: A Unified Lattice Model for Static Analysis of Programs by Construction or Approximation of Fixpoints. In: POPL, pp. 238-252 (1977)
7. Dean, J., Grove, D., Chambers, C.: Optimization of Object-Oriented Programs Using Static Class Hierarchy Analysis. In: Olthoff, W. (ed.) ECOOP 1995. LNCS, vol. 952, pp. 77-101. Springer, Heidelberg (1995)
8. Denning, D.E.: A Lattice Model of Secure Information Flow. CACM 19(5) (1976)
9. Denning, D.E., Denning, P.J.: Certification of Programs for Secure Information Flow. CACM 20(7) (1977)
10. Deutsch, A.: A Storeless Model of Aliasing and Its Abstractions Using Finite Representations of Right-regular Equivalence Relations. In: ICCL (1992)
11. Fuhrer, R., Tip, F., Kie?zun, A., Dolby, J., Keller, M.: Efficiently Refactoring Java Applications to Use Generic Libraries. In: Gao, X.-X. (ed.) ECOOP 2005. LNCS, vol. 3586, pp. 71-96. Springer, Heidelberg (2005) (Pubitemid 41435977)
12. Goguen, J.A., Meseguer, J.: Security Policies and Security Models. In: S&P (1982)
13. Guarnieri, S., Pistoia, M., Tripp, O., Dolby, J., Teilhet, S.: Saving the World Wide Web from Vulnerable JavaScript. In: ISSTA (2011)
14. Hammer, C., Krinke, J., Snelting, G.: Information Flow Control for Java Based on Path Conditions in Dependence Graphs. In: S&P (2006)
15. Heintze, N., Tardieu, O.: Demand-Driven Pointer Analysis. In: PLDI (2001)
16. Lhoták, O., Hendren, L.J.: Context-Sensitive Points-to Analysis: Is ItWorth It. In: CC (2006)
17. Livshits, V.B., Lam, M.S.: Finding Security Vulnerabilities in Java Applications with Static Analysis. In: USENIX Security (2005)
18. McCamant, S., Ernst, M.D.: Quantitative Information Flow as Network Flow Capacity. In: PLDI (2008)
19. Minamide, Y.: Static Approximation of Dynamically Generated Web Pages. In: WWW (2005)
20. Myers, A.C.: JFlow: Practical Mostly-static Information Flow Control. In: POPL (1999)
21. Myers, A.C., Liskov, B.: A Decentralized Model for Information Flow Control. In: SOSP (1997)
22. Newsome, J., Song, D.: Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software. In: NDSS (2005)
23. Pistoia, M., Flynn, R.J., Koved, L., Sreedhar, V.C.: Interprocedural Analysis for Privileged Code Placement and Tainted Variable Detection. In: Gao, X.-X. (ed.) ECOOP 2005. LNCS, vol. 3586, pp. 362-386. Springer, Heidelberg (2005) (Pubitemid 41435989)
24. Reps, T., Horwitz, S., Sagiv, M.: Precise Interprocedural Dataflow Analysis via Graph Reachability. In: POPL (1995)
25. Sabelfeld, A., Myers, A.C.: Language-based Information-flow Security. IEEE Journal on Selected Areas in Communications 21, 5-19 (2003)
26. Saha, D.: Incremental Evaluation of Tabled Logic Programs. PhD thesis, State University of New York at Stony Brook, Stony Brook, NY, USA (2006)
27. Shankar, U., Talwar, K., Foster, J.S., Wagner, D.: Detecting Format String Vulnerabilities with Type Qualifiers. In: USENIX Security (2001)
28. Snelting, G., Robschink, T., Krinke, J.: Efficent Path Conditions in Dependence Graphs for Software Safety Analysis. TOSEM, 15(4) (2006)
29. Sridharan, M., Artzi, S., Pistoia, M., Guarnieri, S., Tripp, O., Berg, R.: F4F: Taint Analysis of Framework-based Web Applications. In: OOPSLA (2011)
30. Sridharan, M., Fink, S.J., Bodík, R.: Thin Slicing. In: PLDI (2007)
31. Sridharan, M., Bodík, R.: Refinement-based Context-sensitive Points-to Analysis for Java. In: ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI 2006), Ottawa, ON, Canada, pp. 387-400 (June 2006)
32. Tateishi, T., Pistoia, M., Tripp, O.: Path- and Index-sensitive String Analysis Based on Monadic Second-order Logic. In: ISSTA (2011)
33. Tripp, O., Pistoia, M., Fink, S.J., Sridharan, M., Weisman, O.: TAJ: Effective Taint Analysis of Web Applications. In: PLDI (2009)
34. Volpano, D., Irvine, C., Smith, G.: A Sound Type System for Secure Flow Analysis. JCS 4(2-3) (1996)
35. Vosloo, I., Kourie, D.G.: Server-centric web frameworks: An overview. ACM Comput. Surv. 40(2), 4:1-4:33 (2008)
36. Wassermann, G., Su, Z.: Sound and Precise Analysis of Web Applications for Injection Vulnerabilities. In: PLDI (2007)
37. Wassermann, G., Su, Z.: Static Detection of Cross-site Scripting Vulnerabilities. In: ICSE 2008 (2008)
38. Whaley, J., Lam, M.S.: Cloning Based Context-Sensitive Pointer Alias Analysis Using Binary Decision Diagrams. In: PLDI (2004)
39. Yan, D., Xu, G., Rountev, A.: Demand-driven context-sensitive alias analysis for java. In: Proceedings of the 2011 International Symposium on Software Testing and Analysis, pp. 155-165 (2011)
40. Zheng, X., Rugina, R.: Demand-driven alias analysis for c. In: Proceedings of the 35th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pp. 197-208 (2008)