TAJ

Authors: Omer Tripp, Marco Pistoia, Stephen J. Fink, Manu Sridharan, Omri Weisman

DOI: 10.1145/1542476.1542486

Abstract: Taint analysis, a form of information-flow analysis, establishes whether values from untrusted methods and parameters may flow into security-sensitive operations. Taint analysis can detect many common vulnerabilities in Web applications, and so has attracted much attention from both the research community and industry. However, most static taint-analysis tools do not address critical requirements for an industrial-strength tool. Specifically, an industrial-strength tool must scale to large industrial Web applications, model essential Web-application code artifacts, and generate consumable reports for a wide range of attack vectors. We have designed and implemented a static Taint Analysis for Java (TAJ) that meets the requirements of industry-level applications. TAJ can analyze applications of virtually any size, as it employs a set of techniques designed to produce useful answers given limited time and space. TAJ addresses a wide variety of attack vectors, with techniques to handle reflective calls, flow through containers, nested taint, and issues in generating useful reports. This paper provides a description of the algorithms comprising TAJ, evaluates TAJ against production-level benchmarks, and compares it with alternative solutions.
