The program dependence graph and its use in optimization
ACM Transactions on Programming Languages and Systems (TOPLAS)
Automatic construction of sparse data flow evaluation graphs
POPL '91 Proceedings of the 18th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Efficiently computing static single assignment form and the control dependence graph
ACM Transactions on Programming Languages and Systems (TOPLAS)
Precise interprocedural dataflow analysis via graph reachability
POPL '95 Proceedings of the 22nd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Efficient inference of object types
Information and Computation
Secure information flow in a multi-threaded imperative language
POPL '98 Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
ABCD: eliminating array bounds checks on demand
PLDI '00 Proceedings of the ACM SIGPLAN 2000 conference on Programming language design and implementation
A fast algorithm for finding dominators in a flowgraph
ACM Transactions on Programming Languages and Systems (TOPLAS)
Certification of programs for secure information flow
Communications of the ACM
Protecting privacy using the decentralized label model
ACM Transactions on Software Engineering and Methodology (TOSEM)
Flow-sensitive type qualifiers
PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
Modern Compiler Implementation in Java
Modern Compiler Implementation in Java
Effective Representation of Aliases and Indirect Memory Operations in SSA Form
CC '96 Proceedings of the 6th International Conference on Compiler Construction
ICSE '81 Proceedings of the 5th international conference on Software engineering
Specifying and Enforcing Application-Level Web Security Policies
IEEE Transactions on Knowledge and Data Engineering
Securing web application code by static analysis and runtime protection
Proceedings of the 13th international conference on World Wide Web
AMNESIA: analysis and monitoring for NEutralizing SQL-injection attacks
Proceedings of the 20th IEEE/ACM international Conference on Automated software engineering
Pixy: A Static Analysis Tool for Detecting Web Application Vulnerabilities (Short Paper)
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Precise alias analysis for static detection of web application vulnerabilities
Proceedings of the 2006 workshop on Programming languages and analysis for security
Compilers: Principles, Techniques, and Tools (2nd Edition)
Compilers: Principles, Techniques, and Tools (2nd Edition)
Sound and precise analysis of web applications for injection vulnerabilities
Proceedings of the 2007 ACM SIGPLAN conference on Programming language design and implementation
Proceedings of the 2007 ACM SIGPLAN conference on Programming language design and implementation
Static detection of security vulnerabilities in scripting languages
USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
A practical solution for scripting language compilers
Proceedings of the 2009 ACM symposium on Applied Computing
TAJ: effective taint analysis of web applications
Proceedings of the 2009 ACM SIGPLAN conference on Programming language design and implementation
XCS: cross channel scripting and its impact on web applications
Proceedings of the 16th ACM conference on Computer and communications security
International Journal of Information Security
User-input dependence analysis via graph reachability
User-input dependence analysis via graph reachability
Precise analysis of string expressions
SAS'03 Proceedings of the 10th international conference on Static analysis
Saving the world wide web from vulnerable JavaScript
Proceedings of the 2011 International Symposium on Software Testing and Analysis
F4F: taint analysis of framework-based web applications
Proceedings of the 2011 ACM international conference on Object oriented programming systems languages and applications
Interprocedural analysis for privileged code placement and tainted variable detection
ECOOP'05 Proceedings of the 19th European conference on Object-Oriented Programming
Language-based information-flow security
IEEE Journal on Selected Areas in Communications
Efficient static checker for tainted variable attacks
Science of Computer Programming
Efficient static checker for tainted variable attacks
Science of Computer Programming
Hi-index | 0.00 |
Tainted flow attacks originate from program inputs maliciously crafted to exploit software vulnerabilities. These attacks are common in server-side scripting languages, such as PHP. In 1997, Orbaek and Palsberg formalized the problem of detecting these exploits as an instance of type-checking, and gave an O(V^3) algorithm to solve it, where V is the number of program variables. A similar algorithm was, ten years later, implemented on the Pixy tool. In this paper we give an O(V^2) solution to the same problem. Our solution uses Bodik et al.'s extended Static Single Assignment (e-SSA) program representation. The e-SSA form can be efficiently computed and it enables us to solve the problem via a sparse dataflow analysis. Using the same infrastructure, we compared a state-of-the-art dataflow solution with our technique. Both approaches have detected 36 vulnerabilities in well known PHP programs. Our results show that our approach tends to outperform the dataflow algorithm for larger inputs. We have reported the new bugs that we found, and an implementation of our algorithm is publicly available at https://github.com/rimsa/tainted-phc.git.