Efficient static checker for tainted variable attacks

Rimsa, Andrei; d’Amorim, Marcelo; Pereira, Fernando Magno Quintão; Bigonha, Roberto da Silva

doi:10.1016/j.scico.2013.03.012

Cited by 7 publications

(7 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…First, the output CFG must maintain the flow of types of each program point during execution, such requirement is necessary due to the dynamically typed nature of PHP [15]. Second, it is required to collect information about the complete program putting all function calls in considerations; this is the main role of the Inter-procedural data flow analysis phase [16]. Finally, the data flow analysis collects all associated information for each node [17].…”

Section: Proposed Model Implementationmentioning

confidence: 99%

Automated server-side model for recognition of security vulnerabilities in scripting languages

Abdel-Kader

Nashaat

Habib

et al. 2020

IJECE

View full text Add to dashboard Cite

With the increase of global accessibility of web applications, maintaining a reasonable security level for both user data and server resources has become an extremely challenging issue. Therefore, static code analysis systems can help web developers to reduce time and cost. In this paper, a new static analysis model is proposed. This model is designed to discover the security problems in scripting languages. The proposed model is implemented in a prototype SCAT, which is a static code analysis Tool. SCAT applies the phases of the proposed model to catch security vulnerabilities in PHP 5.3. Empirical results attest that the proposed prototype is feasible and is able to contribute to the security of real-world web applications. SCAT managed to detect 94% of security vulnerabilities found in the testing benchmarks; this clearly indicates that the proposed model is able to provide an effective solution to complicated web systems by offering benefits of securing private data for users and maintaining web application stability for web applications providers.

show abstract

Section: Proposed Model Implementationmentioning

confidence: 99%

Automated server-side model for recognition of security vulnerabilities in scripting languages

Abdel-Kader

Nashaat

Habib

et al. 2020

IJECE

View full text Add to dashboard Cite

show abstract

“…Previous implementations of sparse analysis [6,25] that draw information from conditionals such as cond = a < b; br(cond , l) only split the live ranges of variables used in these conditionals, e.g., a and b. We go beyond and consider transitive dependences.…”

Section: Splitting Required By Symbolic Range Analysismentioning

confidence: 99%

Validation of memory accesses through symbolic analyses

Nazaré

Maffra

Santos

et al. 2014

Proceedings of the 2014 ACM International Conference on Object Oriented Programming Systems Languages &Amp; Applications

View full text Add to dashboard Cite

The C programming language does not prevent out-ofbounds memory accesses. There exist several techniques to secure C programs; however, these methods tend to slow down these programs substantially, because they populate the binary code with runtime checks. To deal with this problem, we have designed and tested two static analyses -symbolic region and range analysis -which we combine to remove the majority of these guards. In addition to the analyses themselves, we bring two other contributions. First, we describe live range splitting strategies that improve the efficiency and the precision of our analyses. Secondly, we show how to deal with integer overflows, a phenomenon that can compromise the correctness of static algorithms that validate memory accesses. We validate our claims by incorporating our findings into AddressSanitizer. We generate SPEC CINT 2006 code that is 17% faster and 9% more energy efficient than the code produced originally by this tool. Furthermore, our approach is 50% more effective than Pentagons, a stateof-the-art analysis to sanitize memory accesses.

show abstract

“…The objective of taint analysis [32,33] is to find program vulnerabilities. In this case, a harmful attack is possible when input data reaches sensitive program sites without going through special functions called sanitizers.…”

Section: Taint Analysismentioning

confidence: 99%

“…Figure 2(d) shows the intermediate representation that we create for the program in Figure 2(b). In this case, our intermediate representation is Taint analysis: The objective of taint analysis [36,37] is to find program vulnerabilities. In…”

Section: Examples Of Plv Problemsmentioning

confidence: 99%

Parameterized Construction of Program Representations for Sparse Dataflow Analyses

Tavares¹,

Boissinot²,

Pereira³

et al. 2014

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Data-flow analyses usually associate information with control flow regions. Informally, if these regions are too small, like a point between two consecutive statements, we call the analysis dense. On the other hand, if these regions include many such points, then we call it sparse. This paper presents a systematic method to build program representations that support sparse analyses. To pave the way to this framework we clarify the bibliography about well-known intermediate program representations. We show that our approach, up to parameter choice, subsumes many of these representations, such as the SSA, SSI and e-SSA forms. In particular, our algorithms are faster, simpler and more frugal than the previous techniques used to construct SSI -Static Single Information -form programs. We produce intermediate representations isomorphic to Choi et al.'s Sparse Evaluation Graphs (SEG) for the family of data-flow problems that can be partitioned per variables. However, contrary to SEGs, we can handle -sparsely -problems that are not in this family. We have tested our ideas in the LLVM compiler, comparing different program representations in terms of size and construction time.

show abstract

Efficient static checker for tainted variable attacks

Cited by 7 publications

References 10 publications

Automated server-side model for recognition of security vulnerabilities in scripting languages

Automated server-side model for recognition of security vulnerabilities in scripting languages

Validation of memory accesses through symbolic analyses

Parameterized Construction of Program Representations for Sparse Dataflow Analyses

Contact Info

Product

Resources

About