DOI: 10.1145/2993600.2993610

In-Depth Enforcement of Dynamic Integrity Taint Analysis

Published: 24 October 2016

Abstract

Dynamic taint analysis can be used as a defense against low-integrity data in applications with untrusted user interfaces. An important example is defense against XSS and injection attacks in programs with web interfaces. Data sanitization is commonly used in this context, and can be treated as a precondition for endorsement in a dynamic integrity taint analysis. However, sanitization is often incomplete in practice. We develop a model of dynamic integrity taint analysis for Java that addresses imperfect sanitization with an in-depth approach. To avoid false positives, results of sanitization are endorsed for access control (aka prospective security), but are tracked and logged for auditing and accountability (aka retrospective security). We show how this heterogeneous prospective/retrospective mechanism can be specified as a uniform policy, separate from code. We then use this policy to establish correctness conditions for a program rewriting algorithm that instruments code for the analysis. The rewriting itself is a model of existing, efficient Java taint analysis tools.

Cited By

  • (2020) Maybe tainted data: Theory and a case study. Journal of Computer Security. DOI: 10.3233/JCS-191342, pages 1-41. Online publication date: 1-Apr-2020
  • (2017) On Risk in Access Control Enforcement. Proceedings of the 22nd ACM on Symposium on Access Control Models and Technologies. DOI: 10.1145/3078861.3078872, pages 31-42. Online publication date: 7-Jun-2017

Published In

PLAS '16: Proceedings of the 2016 ACM Workshop on Programming Languages and Analysis for Security
October 2016
116 pages
ISBN: 9781450345743
DOI: 10.1145/2993600

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. algorithms
  2. auditing
  3. languages
  4. security
  5. theory
  6. verification

Qualifiers

  • Research-article

Conference

CCS'16

Acceptance Rates

PLAS '16 Paper Acceptance Rate 6 of 11 submissions, 55%;
Overall Acceptance Rate 43 of 77 submissions, 56%
