
FlowTwist: Efficient Context-sensitive Inside-out Taint Analysis for Large Codebases

Lerch, Johannes ; Hermann, Ben ; Bodden, Eric ; Mezini, Mira (2014)
FlowTwist: Efficient Context-sensitive Inside-out Taint Analysis for Large Codebases.
Proceedings of the 22nd ACM SIGSOFT International Symposium on Foundations of Software Engineering.
Conference publication, Bibliography

Abstract

Over the past years, widely used platforms such as the Java Class Library have been under constant attack through vulnerabilities that involve a combination of two taint-analysis problems: an integrity problem allowing attackers to trigger sensitive operations within the platform, and a confidentiality problem allowing the attacker to retrieve sensitive information or pointers from the results of those operations. While existing static taint analyses are good at solving either of those problems, we show that they scale prohibitively badly when being applied to situations that require the exploitation of both an integrity and confidentiality problem in combination. The main problem is the huge attack surface of libraries such as the Java Class Library, which exposes thousands of methods potentially controllable by an attacker. In this work we thus present FlowTwist, a novel taint-analysis approach that works inside-out, i.e., tracks data flows from potentially vulnerable calls to the outer level of the API which the attacker might control. This inside-out analysis requires a careful, context-sensitive coordination of both a backward and a forward taint analysis. In this work, we expose a design of the analysis approach based on the IFDS algorithm, and explain several extensions to IFDS that enable not only this coordination but also a helpful reporting of error situations to security analysts. Experiments with the Java Class Library show that, while a simple forward taint-analysis approach does not scale even with much machine power, FlowTwist's algorithm is able to fully analyze the library within 10 minutes.

Type of entry: Conference publication
Published: 2014
Author(s): Lerch, Johannes ; Hermann, Ben ; Bodden, Eric ; Mezini, Mira
Kind of entry: Bibliography
Title: FlowTwist: Efficient Context-sensitive Inside-out Taint Analysis for Large Codebases
Language: English
Year of publication: November 2014
Place: New York, NY, USA
Publisher: ACM
Series: FSE 2014
Event title: Proceedings of the 22nd ACM SIGSOFT International Symposium on Foundations of Software Engineering
URL / URN: http://doi.acm.org/10.1145/2635868.2635878

Uncontrolled keywords: IFDS, Taint analysis, confused deputy
Division(s)/department(s): 20 Department of Computer Science > Software Engineering
20 Department of Computer Science > EC SPRIDE
20 Department of Computer Science > EC SPRIDE > Secure Software Engineering
20 Department of Computer Science
Central institutions
Date deposited: 08 Dec 2014 07:55
Last modified: 08 Dec 2014 07:55