Purity analysis for JavaScript through abstract interpretation

Nicolay, Jens; Stiévenart, Quentin; Meuter, Wolfgang De; Roover, Coen De

doi:10.1002/smr.1889

Cited by 4 publications

(4 citation statements)

References 42 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Setup We use JIPDA [34] as a configurable abstract interpreter to perform static analysis of JavaScript programs and abstractly execute policy code. We employed JIPDA because it is possible to steer the abstract interpreter for implementing our 2-phase approach, and it implements a version of the syntax and semantics presented in section 4.…”

Section: Discussionmentioning

confidence: 99%

“…That work presented js 0 , a core functional language that models a subset of JavaScript, and a static analysis that models the execution of js 0 programs as a flow graph from which information about control and value flow, and effects can be extracted. In this section, we present the syntax and semantics of js 0 based on its original specification in [34]. We focus on the relevant features to understand the contributions of this work and include the details on the components and operations of the abstract machine in appendix D.…”

Section: Phase 1: Static Analysis Of Base Programsmentioning

confidence: 99%

“…We now elaborate on our two-phase abstract interpretation approach based on the calculus presented in prior work [34]. That work presented js 0 , a core functional language that models a subset of JavaScript, and a static analysis that models the execution of js 0 programs as a flow graph from which information about control and value flow, and effects can be extracted.…”

Section: Phase 1: Static Analysis Of Base Programsmentioning

confidence: 99%

See 2 more Smart Citations

Deriving Static Security Testing from Runtime Security Protection for Web Applications

2021

Self Cite

View full text Add to dashboard Cite

Context: Static Application Security Testing (SAST) and Runtime Application Security Protection (RASP) are important and complementary techniques used for detecting and enforcing application-level security policies in web applications.Inquiry: The current state of the art, however, does not allow a safe and efficient combination of SAST and RASP based on a shared set of security policies, forcing developers to reimplement and maintain the same policies and their enforcement code in both tools.Approach: In this work, we present a novel technique for deriving SAST from an existing RASP mechanism by using a two-phase abstract interpretation approach in the SAST component that avoids duplicating the effort of specifying security policies and implementing their semantics. The RASP mechanism enforces security policies by instrumenting a base program to trap security-relevant operations and execute the required policy enforcement code. The static analysis of security policies is then obtained from the RASP mechanism by first statically analyzing the base program without any traps. The results of this first phase are used in a second phase to detect trapped operations and abstractly execute the associated and unaltered RASP policy enforcement code.Knowledge: Splitting the analysis into two phases enables running each phase with a specific analysis configuration, rendering the static analysis approach tractable while maintaining sufficient precision.Grounding: We validate the applicability of our two-phase analysis approach by using it to both dynamically enforce and statically detect a range of security policies found in related work. Our experiments suggest that our two-phase analysis can enable faster and more precise policy violation detection compared to analyzing the full instrumented application under a single analysis configuration.Importance: Deriving a SAST component from a RASP mechanism enables equivalent semantics for the security policies across the static and dynamic contexts in which policies are verified during the software development lifecycle. Moreover, our two-phase abstract interpretation approach does not require RASP developers to reimplement the enforcement code for static analysis.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Phase 1: Static Analysis Of Base Programsmentioning

confidence: 99%

Section: Phase 1: Static Analysis Of Base Programsmentioning

confidence: 99%

See 1 more Smart Citation

Deriving Static Security Testing from Runtime Security Protection for Web Applications

2021

Self Cite

View full text Add to dashboard Cite

show abstract

“…Modf itself also uses AAM-style semantics for its small-step analysis of functions, which makes the comparison with the AAM analyzer justified and straightforward, the latter also on a technical level by maximizing code reuse. Applications of AAM are found in various domains, such as detecting function purity [18], performing symbolic execution for contracts [15], analyzing concurrent programs [14,23,24], determining function coupling [16], discovering security vulnerabilities [17] or performing malware analysis [11]. The approach used by Modf could improve the performance of such applications and other client analyses without impacting their precision.…”

Section: Related Workmentioning

confidence: 99%

Effect-Driven Flow Analysis

Nicolay

Stiévenart

Meuter

et al. 2019

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Traditional machine-based static analyses use a worklist algorithm to explore the analysis state space, and compare each state in the worklist against a set of seen states as part of their fixed-point computation. This may require many state comparisons, which gives rise to a computational overhead. Even an analysis with a global store has to clear its set of seen states each time the store updates because of allocation or side-effects, which results in more states being reanalyzed and compared. In this work we present a static analysis technique, Modf, that does not rely on a set of seen states, and apply it to a machine-based analysis with global-store widening. Modf analyzes one function execution at a time to completion while tracking read, write, and call effects. These effects trigger the analysis of other function executions, and the analysis terminates when no new effects can be discovered. We compared Modf to a traditional machine-based analysis implementation on a set of 20 benchmark programs and found that Modf is faster for 17 programs with speedups ranging between 1.4x and 12.3x. Furthermore, Modf exhibits similar precision as the traditional analysis on most programs and yields state graphs that are comparable in size.

show abstract