Presentation
Virtual values for taint and information flow analysis
Workshop on Meta-Programming Techniques and Reflection (META 2016) (2016)
  • Prakasam Kannan, San Jose State University
  • Thomas H. Austin, San Jose State University
  • Mark Stamp, San Jose State University
  • Tim Disney, Shape Security
  • Cormac Flanagan, University of California, Santa Cruz
Abstract
Security controls such as taint analysis and information flow analysis can be powerful tools to protect against many common attacks. However, incorporating these controls into a language such as JavaScript is challenging. Native implementations require the support of all JavaScript VMs. Code rewriting requires developers to reason about the entire abstract syntax of JavaScript.
In this paper, we demonstrate how virtual values may be used to more easily integrate these security controls. Virtual values provide hooks to alter the behavior of primitive operations, allowing programmers to create the desired security controls in a more declarative fashion, facilitating more rapid prototyping.
We demonstrate how virtual values may be encoded in JavaScript using a combination of JavaScript object proxies and the Sweet.js macro library, and use that implementation to build taint and information flow controls into JavaScript. Finally, we show some benchmark results to demonstrate the overhead of this approach.

Keywords
  • virtual values
  • macros
  • proxies
  • taint analysis
  • information flow analysis
Publication Date
October 30, 2016
Location
Amsterdam
Comments
This work is licensed under a Creative Commons Attribution 4.0 International License (CC BY 4.0). Meta’16 October 30, 2016, Amsterdam, Netherlands Copyright © 2016 held by owner/author(s). 

This paper was originally presented on October 30, 2016 at the Workshop on Meta-Programming Techniques and Reflection (META 2016) in Amsterdam. The paper can also be found online at this link.
Citation Information
Prakasam Kannan, Thomas H. Austin, Mark Stamp, Tim Disney, et al. "Virtual values for taint and information flow analysis" Workshop on Meta-Programming Techniques and Reflection (META 2016) (2016)
Available at: http://works.bepress.com/mark_stamp/58/
Creative Commons License
This work is licensed under a Creative Commons CC BY International License.