Modular string-sensitive permission analysis with demand-driven precision

Geay, Emmanuel; Pistoia, Marco; Tateishi, Takaaki; Ryder, Barbara G.; Dolby, Julian

doi:10.1109/icse.2009.5070519

Cited by 17 publications

(21 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Furthermore, it has been shown that static analysis of the application's source code is a capable tool to identify XSS issues (see for instance [17,39,14,37,7]). Moreover, frameworks which discard the insecure practice of using the string type for syntax assembly are immune against injection attacks through providing suitable means for data/code separation [30,11].…”

Section: Related Workmentioning

confidence: 99%

SessionShield: Lightweight Protection against Session Hijacking

Nikiforakis

Meert

Younan

et al. 2011

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. The class of Cross-site Scripting (XSS) vulnerabilities is the most prevalent security problem in the field of Web applications. One of the main attack vectors used in connection with XSS is session hijacking via session identifier theft. While session hijacking is a client-side attack, the actual vulnerability resides on the server-side and, thus, has to be handled by the website's operator. In consequence, if the operator fails to address XSS, the application's users are defenseless against session hijacking attacks. In this paper we present SessionShield, a lightweight client-side protection mechanism against session hijacking that allows users to protect themselves even if a vulnerable website's operator neglects to mitigate existing XSS problems. SessionShield is based on the observation that session identifier values are not used by legitimate clientside scripts and, thus, need not to be available to the scripting languages running in the browser. Our system requires no training period and imposes negligible overhead to the browser, therefore, making it ideal for desktop and mobile systems.

show abstract

Section: Related Workmentioning

confidence: 99%

SessionShield: Lightweight Protection against Session Hijacking

Nikiforakis

Meert

Younan

et al. 2011

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…The novelty of our technique is as follows. While certain previous approaches [9,10,11] have used the transitive closure of the immediate-producer relation (which is known as a thin slice) to perform certain inexpensive, approximate analyses, ours is the first to our knowledge to use immediate producers within the overall context of a precise, path-sensitive analysis to skip localized regions of code conservatively.…”

Section: Our First Extensionmentioning

confidence: 99%

“…Sridharan et al originally proposed thin slicing to support program understanding and debugging tasks; they argued that thin slices were much smaller than full slices, while managing to include statements that are pertinent to program understanding and debugging tasks. Then, subsequently proposed approaches [11,10,9] have used the thin slice as a program abstraction (as opposed to using the full program) to carry out different kinds of analyses (not null-deference analysis, though). We did originally consider an approach similar to the ones referred to above.…”

Section: Comparison With a Simple Alternative Approachmentioning

confidence: 99%

“…A thin slice from a data reference r is basically the set of statements in the backward transitive closure of the immediate producer relation (defined in Section 3.1) from data reference r. Tripp et al [10] propose a technique to perform static taint analysis on Java programs to detect security vulnerabilities in web applications. Geay et al [9] perform static permission analysis on programs built by assembling components. This is done to find permissions for components such that these permissions are neither too restrictive nor too permissive.…”

Section: Virtual Calls and Call-backsmentioning

confidence: 99%

See 1 more Smart Citation

Two techniques to improve the precision of a demand-driven null-dereference verification approach

Margoor

Komondoor

2015

Science of Computer Programming

View full text Add to dashboard Cite

The problem addressed in this paper is sound, scalable, demand-driven nulldereference verification for Java programs. Our approach consists conceptually of a base analysis, plus two major extensions for enhanced precision. The base analysis is a dataflow analysis wherein we propagate formulas in the backward direction from a given dereference, and compute a necessary condition at the entry of the program for the dereference to be potentially unsafe. The extensions are motivated by the presence of certain "difficult" constructs in real programs, e.g., virtual calls with too many candidate targets, and library method calls, which happen to need excessive analysis time to be analyzed fully. The base analysis is hence configured to skip such a difficult construct when it is encountered by dropping all information that has been tracked so far that could potentially be affected by the construct. Our extensions are essentially more precise ways to account for the effect of these constructs on information that is being tracked, without requiring full analysis of these constructs. The first extension is a novel scheme to transmit formulas along certain kinds of def-use edges, while the second extension is based on using manually constructed backwarddirection summary functions of library methods. We have implemented our approach, and applied it on a set of real-life benchmarks. The base analysis is on average able to declare about 84% of dereferences in each benchmark as safe, while the two extensions push this number up to 91%.

show abstract

“…String analysis is a form of static program analysis which is to infer the possible values of string expressions [26,13,16,17,18,23,28]. Christensen et al [13] generate contextfree grammars with non-terminals representing string expressions in Java programs to approximate the possible values.…”

Section: Related Workmentioning

confidence: 99%

Virtual DOM coverage for effective testing of dynamic web applications

Zou

Chen

Zheng

et al. 2014

Proceedings of the 2014 International Symposium on Software Testing and Analysis

View full text Add to dashboard Cite

Test adequacy criteria are fundamental in software testing. Among them, code coverage criterion is widely used due to its simplicity and effectiveness. However, in dynamic web application testing, merely covering server-side script code is inadequate because it neglects client-side execution, which plays an important role in triggering client-server interactions to reach important execution states. Similarly, a criterion aiming at covering the UI elements on client-side pages ignores the server-side execution, leading to insufficiency.In this paper, we propose Virtual DOM (V-DOM) Coverage, a novel criterion, for effective web application testing. With static analysis, we first aggregate all the DOM objects that may be produced by a piece of server script to construct a V-DOM tree. The tree models execution on both the client-and server-sides such that V-DOM coverage is more effective than existing coverage criteria in web application testing. We conduct an empirical study on five real world dynamic web applications. We find that V-DOM tree can model much more DOM objects than a web crawling based technique. Test selection based on V-DOM tree criterion substantially outperforms the existing code coverage and UI element coverage, by detecting more faults.

show abstract

Modular string-sensitive permission analysis with demand-driven precision

Cited by 17 publications

References 27 publications

SessionShield: Lightweight Protection against Session Hijacking

SessionShield: Lightweight Protection against Session Hijacking

Two techniques to improve the precision of a demand-driven null-dereference verification approach

Virtual DOM coverage for effective testing of dynamic web applications

Contact Info

Product

Resources

About