Article
Using Precise Taint Tracking for Auto-sanitization
PLAS 2017 - Proceedings of the 2017 Workshop on Programming Languages and Analysis for Security, co-located with CCS 2017
(2017)
Abstract
Taint analysis has been used in numerous scripting languages such as Perl and Ruby to defend against various form of code injection attacks, such as cross-site scripting (XSS) and SQL-injection. However, most taint analysis systems simply fail when tainted information is used in a possibly unsafe manner. In this paper, we explore how precise taint tracking can be used in order to secure web content. Rather than simply crashing, we propose that a library-writer defined sanitization function can instead be used on the tainted portions of a string. With this approach, library writers or framework developers can design their tools to be resilient, even if inexperienced developers misuse these libraries in unsafe ways. In other words, developer mistakes do not have to result in system crashes to guarantee security. We implement both coarse-grained and precise taint tracking in JavaScript, and show how our precise taint tracking API can be used to defend against SQL injection and XSS attacks. We further evaluate the performance of this approach, showing that precise taint tracking involves an overhead of approximately 22%. © 2017 Association for Computing Machinery.
Keywords
- JavaScript,
- Taint analysis,
- Web application security
Disciplines
Publication Date
October, 2017
DOI
https://doi.org/10.1145/3139337.3139341
Publisher Statement
SJSU users: Use the following link to login and access this article via SJSU databases.
Citation Information
Tejas Saoji, Thomas H. Austin and Cormac Flanagan. "Using Precise Taint Tracking for Auto-sanitization" PLAS 2017 - Proceedings of the 2017 Workshop on Programming Languages and Analysis for Security, co-located with CCS 2017 Vol. 2017 (2017) p. 15 - 24 Available at: http://works.bepress.com/thomas_austin/36/