Effective partial redundancy elimination
PLDI '94 Proceedings of the ACM SIGPLAN 1994 conference on Programming language design and implementation
Proceedings of the 27th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Partial redundancy elimination for access path expressions
Software—Practice & Experience - Special issue on aliasing in object-oriented systems
Securing web application code by static analysis and runtime protection
Proceedings of the 13th international conference on World Wide Web
ACM SIGPLAN Notices - Best of PLDI 1979-1999
Improving software security with a C pointer analysis
Proceedings of the 27th international conference on Software engineering
Dimensions and Principles of Declassification
CSFW '05 Proceedings of the 18th IEEE workshop on Computer Security Foundations
Finding application errors and security flaws using PQL: a program query language
OOPSLA '05 Proceedings of the 20th annual ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications
Dynamic Taint Propagation for Java
ACSAC '05 Proceedings of the 21st Annual Computer Security Applications Conference
The essence of command injection attacks in web applications
Conference record of the 33rd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Pixy: A Static Analysis Tool for Detecting Web Application Vulnerabilities (Short Paper)
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Finding security vulnerabilities in java applications with static analysis
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
From uncertainty to belief: inferring the specification within
OSDI '06 Proceedings of the 7th USENIX Symposium on Operating Systems Design and Implementation - Volume 7
Static detection of security vulnerabilities in scripting languages
USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
SIF: enforcing confidentiality and integrity in web applications
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
Dynamic taint propagation: Finding vulnerabilities without attacking
Information Security Tech. Report
Intransitive Noninterference in Dependence Graphs
ISOLA '06 Proceedings of the Second International Symposium on Leveraging Applications of Formal Methods, Verification and Validation
Saner: Composing Static and Dynamic Analysis to Validate Sanitization in Web Applications
SP '08 Proceedings of the 2008 IEEE Symposium on Security and Privacy
Merlin: specification inference for explicit information flow problems
Proceedings of the 2009 ACM SIGPLAN conference on Programming language design and implementation
TAJ: effective taint analysis of web applications
Proceedings of the 2009 ACM SIGPLAN conference on Programming language design and implementation
Compilers: Principles, Techniques, & Tools with Gradiance
Compilers: Principles, Techniques, & Tools with Gradiance
Efficient character-level taint tracking for Java
Proceedings of the 2009 ACM workshop on Secure web services
International Journal of Information Security
User-input dependence analysis via graph reachability
User-input dependence analysis via graph reachability
Regular expressions considered harmful in client-side XSS filters
Proceedings of the 19th international conference on World wide web
Dartmouth internet security testbed (DIST: building a campus-wide wireless testbed
CSET'09 Proceedings of the 2nd conference on Cyber security experimentation and test
TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones
OSDI'10 Proceedings of the 9th USENIX conference on Operating systems design and implementation
A security policy oracle: detecting security holes using multiple API implementations
Proceedings of the 32nd ACM SIGPLAN conference on Programming language design and implementation
Inference of Expressive Declassification Policies
SP '11 Proceedings of the 2011 IEEE Symposium on Security and Privacy
Fast and precise sanitizer analysis with BEK
SEC'11 Proceedings of the 20th USENIX conference on Security
A systematic analysis of XSS sanitization in web application frameworks
ESORICS'11 Proceedings of the 16th European conference on Research in computer security
Context-sensitive auto-sanitization in web templating languages using type qualifiers
Proceedings of the 18th ACM conference on Computer and communications security
SCRIPTGARD: automatic context-sensitive sanitization for large-scale legacy web applications
Proceedings of the 18th ACM conference on Computer and communications security
Symbolic finite state transducers: algorithms and applications
POPL '12 Proceedings of the 39th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Defending against injection attacks through context-sensitive string evaluation
RAID'05 Proceedings of the 8th international conference on Recent Advances in Intrusion Detection
Automating security mediation placement
ESOP'10 Proceedings of the 19th European conference on Programming Languages and Systems
Language-based information-flow security
IEEE Journal on Selected Areas in Communications
Type-based dependency analysis for javascript
Proceedings of the Eighth ACM SIGPLAN workshop on Programming languages and analysis for security
deDacota: toward preventing server-side XSS via automatic code and data separation
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Automatic mediation of privacy-sensitive resource access in smartphone applications
SEC'13 Proceedings of the 22nd USENIX conference on Security
| Hi-index | 0.00 |
A great deal of research on sanitizer placement, sanitizer correctness, checking path validity, and policy inference, has been done in the last five to ten years, involving type systems, static analysis and runtime monitoring and enforcement. However, in pretty much all work thus far, the burden of sanitizer placement has fallen on the developer. However, sanitizer placement in large-scale applications is difficult, and developers are likely to make errors, and thus create security vulnerabilities. This paper advocates a radically different approach: we aim to fully automate the placement of sanitizers by analyzing the ow of tainted data in the program. We argue that developers are better off leaving out sanitizers entirely instead of trying to place them. This paper proposes a fully automatic technique for sanitizer placement. Placement is static whenever possible, switching to run time when necessary. Run-time taint tracking techniques can be used to track the source of a value, and thus apply appropriate sanitization. However, due to the runtime overhead of run-time taint tracking, our technique avoids it wherever possible.