Current taint tracking systems suffer from high overhead and a lack of generality. In this paper, we solve both of these issues with an extensible system that is an order of magnitude more efficient than previous software taint tracking systems and is fully general to dynamic data flow tracking problems. Our system uses a compiler to transform untrusted programs into policy-enforcing programs, and our system can be easily reconfigured to support new analyses and policies without modifying the compiler or runtime system. Our system uses a sound and sophisticated static analysis that can dramatically reduce the amount of data that must be dynamically tracked. For server programs, our system's average overhead is 0.65% for taint tracking, which is comparable to the best hardware-based solutions. For a set of compute-bound benchmarks, our system produces no runtime overhead because our compiler can prove the absence of vulnerabilities, eliminating the need to dynamically track taint. After modifying these benchmarks to contain format string vulnerabilities, our system's overhead is less than 13%, which is over 6X lower than the previous best solutions. We demonstrate the flexibility and power of our system by applying it to file disclosure vulnerabilities, a problem that taint tracking cannot handle. To prevent such vulnerabilities, our system introduces an average runtime overhead of 0.25% for three open source server programs.