Dynamic taint tracking for Java with phosphor (demo)

Bell, Jonathan; Kaiser, Gail E.

doi:10.1145/2771783.2784768

Cited by 14 publications

(8 citation statements)

References 11 publications

(16 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However dynamic taint analysis can analyze the taint information flow while the program is running. Currently, the analysis of Java applications using dynamic taint analysis is based on a modification of the operating system, such as the tool Phosphor [1] by Bell and Kaiser. Phosphor was developed using the Java bytecode manipulation library ASM framework.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Effective Dynamic Taint Analysis of Java Web Applications

Huang¹,

He²,

He³

et al. 2022

Atlantis Highlights in Intelligent Systems

View full text Add to dashboard Cite

With the rapid development of the Internet, network security is the most important issue for businesses and people. Vulnerabilities caused by user input and not treated harmlessly are the easiest to be exploited by hackers. In this paper, a tool named FastTaint is implemented, by using the principle of dynamic taint analysis, the vulnerability detection rate is high and the false positive rate is extremely low. First, the FastTaint tool is based on the proxy mode of behavior injection mode; then there are different instrumentation strategies for Source, Propagator, Sanitizer and Sink to make the detection range more accurate; finally, the taint is marked at the object level and the vulnerability is determined at the leaking point. The FastTaint tool abandons the traditional firewall that relies on the characteristics of requests to detect attacks and creatively uses Interactive Application Security Testing (IAST) technology. It is injected directly into the protected application's service to provide real-time, function-level protection, and can update the strategy without updating and detect or prevent unknown vulnerabilities without updating the protected application's code. Experiments show that this tool can quickly and efficiently detect multiple vulnerabilities without requiring the source code, FastTaint can detect multiple vulnerabilities, such as SQL Injection, Cross-Site Request Scripting, Path Traversal, Insecure Forwarding, XPath Injection, OS Injection, SSRF and other vulnerabilities.

show abstract

Section: Related Workmentioning

confidence: 99%

“…Each method in the application is also checked to pass the shadow variable along with the unchecked object. Phosphor [1] does not support taint variable retention, making applications unsuitable for finding code injection vulnerabilities. Therefore Phosphor cannot detect security vulnerabilities in the data stream and create exploits.…”

Section: Related Workmentioning

confidence: 99%

Effective Dynamic Taint Analysis of Java Web Applications

Huang¹,

He²,

He³

et al. 2022

Atlantis Highlights in Intelligent Systems

View full text Add to dashboard Cite

show abstract

“…Taint Analysis could also be an option to detect redundant statements, by marking all inputs of a test case and seeing which ones affect the assert statements in the test case. This use case is even described as a method to detect brittle assertions in a paper from 2015 about Phosphor, a dynamic taint analysis tool for Java (Bell & Kaiser, 2015). To the best of our knowledge this is the only dynamic taint analysis tool for Java that supports general use cases as well as default JVMs (Bell & Kaiser, 2015).…”

Section: Dynamic Taint Analysismentioning

confidence: 99%

“…This use case is even described as a method to detect brittle assertions in a paper from 2015 about Phosphor, a dynamic taint analysis tool for Java (Bell & Kaiser, 2015). To the best of our knowledge this is the only dynamic taint analysis tool for Java that supports general use cases as well as default JVMs (Bell & Kaiser, 2015).…”

Section: Dynamic Taint Analysismentioning

confidence: 99%

Removing Redundant Statements in Amplified Test Cases

Brandt¹,

Zaidman²,

Oosterbroek³

2021

Preprint

View full text Add to dashboard Cite

Amplified test cases created by DSpot and TestCube often contain unnecessary statements that impact the readability of the tests in question. As a part of the effort to make these amplified test cases more developer-friendly, we investigate (dynamic) slicing, taint analysis and static analysis as approaches to remove redundant statements. In addition, we evaluate a simple static analysis approach that we implemented into DSpot. Our results show that the implemented approach works well: while being rudimentary, it is able to remove a significant portion of the redundant statements in the amplified test cases. A problem with removing redundant statements is the fact that it, at least for the approaches we discuss in this paper, will take a significant amount of time depending on the size and quality of the original tests. While the removal of the statements themselves is relatively fast, especially when using our implemented static analysis approach, verifying that the tests still work as intended through mutation testing is resource-intensive.

show abstract

“…However, it appears that PathFinder is not able to support our collected benchmarks. Another JVM analyzer is Phosphor [9], which tracks dynamic data flows at runtime based on dynamic taint tracking. Phosphor instruments the JVM core APIs; however, it also imposes a substantial overhead to the execution time, which seems to be due to the instrumentation of java.lang.Object or java.lang.String packages.…”

Section: Related Workmentioning

confidence: 99%

Kaizen: a scalable concolic fuzzing tool for Scala

Ashouri

2020

Proceedings of the 11th ACM SIGPLAN International Symposium on Scala

View full text Add to dashboard Cite

Scala is an open-source programming language created by Martin Odersky in 2001 and released under the BSD or Berkeley Software Distribution license. The language consolidates object-oriented and functional programming in one highlevel and robust language. Scala also maintains static types that help to reduce tricky errors during the execution time. In this paper, we introduce "Kaizen" as a practical security analysis tool that works based on concolic fuzzing for evaluating real-world Scala applications. To evaluated our approach, we analyzed 1,000 popular Scala projects existing on GitHub. As a result, Kaizen could report and exploit 101 security issues; some of those have not been reported before. Furthermore, our performance analysis outcome on the ScalaBench test suite demonstrates a 49% runtime overhead that proves Kaizen's usefulness for security testing in the Scala ecosystem.

show abstract

Dynamic taint tracking for Java with phosphor (demo)

Cited by 14 publications

References 11 publications

Effective Dynamic Taint Analysis of Java Web Applications

Effective Dynamic Taint Analysis of Java Web Applications

Removing Redundant Statements in Amplified Test Cases

Kaizen: a scalable concolic fuzzing tool for Scala

Contact Info

Product

Resources

About