Using Precise Taint Tracking for Auto-sanitization

Proceedings of the 2017 Workshop on Programming Languages and Analysis for Security Pub Date : 2017-10-30 DOI:10.1145/3139337.3139341

Tejas Saoji, Thomas H. Austin, C. Flanagan

{"title":"Using Precise Taint Tracking for Auto-sanitization","authors":"Tejas Saoji, Thomas H. Austin, C. Flanagan","doi":"10.1145/3139337.3139341","DOIUrl":null,"url":null,"abstract":"Taint analysis has been used in numerous scripting languages such as Perl and Ruby to defend against various form of code injection attacks, such as cross-site scripting (XSS) and SQL-injection. However, most taint analysis systems simply fail when tainted information is used in a possibly unsafe manner. In this paper, we explore how precise taint tracking can be used in order to secure web content. Rather than simply crashing, we propose that a library-writer defined sanitization function can instead be used on the tainted portions of a string. With this approach, library writers or framework developers can design their tools to be resilient, even if inexperienced developers misuse these libraries in unsafe ways. In other words, developer mistakes do not have to result in system crashes to guarantee security. We implement both coarse-grained and precise taint tracking in JavaScript, and show how our precise taint tracking API can be used to defend against SQL injection and XSS attacks. We further evaluate the performance of this approach, showing that precise taint tracking involves an overhead of approximately 22%.","PeriodicalId":329351,"journal":{"name":"Proceedings of the 2017 Workshop on Programming Languages and Analysis for Security","volume":"14 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-10-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"12","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 2017 Workshop on Programming Languages and Analysis for Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3139337.3139341","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 12

Abstract

Taint analysis has been used in numerous scripting languages such as Perl and Ruby to defend against various form of code injection attacks, such as cross-site scripting (XSS) and SQL-injection. However, most taint analysis systems simply fail when tainted information is used in a possibly unsafe manner. In this paper, we explore how precise taint tracking can be used in order to secure web content. Rather than simply crashing, we propose that a library-writer defined sanitization function can instead be used on the tainted portions of a string. With this approach, library writers or framework developers can design their tools to be resilient, even if inexperienced developers misuse these libraries in unsafe ways. In other words, developer mistakes do not have to result in system crashes to guarantee security. We implement both coarse-grained and precise taint tracking in JavaScript, and show how our precise taint tracking API can be used to defend against SQL injection and XSS attacks. We further evaluate the performance of this approach, showing that precise taint tracking involves an overhead of approximately 22%.

查看原文本刊更多论文

使用精确的污点跟踪进行自动消毒

许多脚本语言(如Perl和Ruby)都使用了污点分析来防御各种形式的代码注入攻击，例如跨站点脚本(XSS)和sql注入。然而，当以可能不安全的方式使用受污染的信息时，大多数污染分析系统都会失败。在本文中，我们探讨了如何精确的污染跟踪可以用来保护web内容。与其简单地崩溃，我们建议库编写者定义的清理函数可以用于字符串的受污染部分。使用这种方法，库编写者或框架开发人员可以将他们的工具设计得具有弹性，即使没有经验的开发人员以不安全的方式滥用这些库。换句话说，开发人员的错误不一定会导致系统崩溃，从而保证安全性。我们在JavaScript中实现了粗粒度和精确的污染跟踪，并展示了如何使用精确的污染跟踪API来防御SQL注入和XSS攻击。我们进一步评估了这种方法的性能，表明精确的污染跟踪涉及大约22%的开销。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Proceedings of the 2017 Workshop on Programming Languages and Analysis for Security

自引率

0.00%

发文量