JFlow: practical mostly-static information flow control
Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Generalized aliasing as a basis for program analysis tools
Generalized aliasing as a basis for program analysis tools
Role-Based access control consistency validation
Proceedings of the 2006 international symposium on Software testing and analysis
The case for analysis preserving language transformation
Proceedings of the 2006 international symposium on Software testing and analysis
Detecting format string vulnerabilities with type qualifiers
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Finding security vulnerabilities in java applications with static analysis
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Merlin: specification inference for explicit information flow problems
Proceedings of the 2009 ACM SIGPLAN conference on Programming language design and implementation
TAJ: effective taint analysis of web applications
Proceedings of the 2009 ACM SIGPLAN conference on Programming language design and implementation
Checking Framework Interactions with Relationships
Genoa Proceedings of the 23rd European Conference on ECOOP 2009 --- Object-Oriented Programming
Typestate-oriented programming
Proceedings of the 24th ACM SIGPLAN conference companion on Object oriented programming systems languages and applications
Strictly declarative specification of sophisticated points-to analyses
Proceedings of the 24th ACM SIGPLAN conference on Object oriented programming systems languages and applications
Path- and index-sensitive string analysis based on monadic second-order logic
Proceedings of the 2011 International Symposium on Software Testing and Analysis
Saving the world wide web from vulnerable JavaScript
Proceedings of the 2011 International Symposium on Software Testing and Analysis
APLAS'05 Proceedings of the Third Asian conference on Programming Languages and Systems
RefaFlex: safer refactorings for reflective Java programs
Proceedings of the 2012 International Symposium on Software Testing and Analysis
Automated detection of client-state manipulation vulnerabilities
Proceedings of the 34th International Conference on Software Engineering
ANDROMEDA: accurate and scalable security analysis of web applications
FASE'13 Proceedings of the 16th international conference on Fundamental Approaches to Software Engineering
Composing polymorphic information flow systems with reference immutability
Proceedings of the 15th Workshop on Formal Techniques for Java-like Programs
Alias analysis for object-oriented programs
Aliasing in Object-Oriented Programming
Alias analysis: beyond the code
Aliasing in Object-Oriented Programming
Efficient static checker for tainted variable attacks
Science of Computer Programming
Hi-index | 0.00 |
This paper presents F4F (Framework For Frameworks), a system for effective taint analysis of framework-based web applications. Most modern web applications utilize one or more web frameworks, which provide useful abstractions for common functionality. Due to extensive use of reflective language constructs in framework implementations, existing static taint analyses are often ineffective when applied to framework-based applications. While previous work has included ad hoc support for certain framework constructs, adding support for a large number of frameworks in this manner does not scale from an engineering standpoint. F4F employs an initial analysis pass in which both application code and configuration files are processed to generate a specification of framework-related behaviors. A taint analysis engine can leverage these specifications to perform a much deeper, more precise analysis of framework-based applications. Our specification language has only a small number of simple but powerful constructs, easing analysis engine integration. With this architecture, new frameworks can be handled with no changes to the core analysis engine, yielding significant engineering benefits. We implemented specification generators for several web frameworks and added F4F support to a state-of-the-art taint-analysis engine. In an experimental evaluation, the taint analysis enhanced with F4F discovered 525 new issues across nine benchmarks, a harmonic mean of 2.10X more issues per benchmark. Furthermore, manual inspection of a subset of the new issues showed that many were exploitable or reflected bad security practice.