Pun, Ka I. ; Steffen, Martin ; Stolz, Volker ; Wickert, Anna-Katharina ; Bodden, Eric ; Eichberg, Michael
Hrsg.: Larsen, Kim G. ; Srba, Jiří (2016)
Don't let data Go astray - A Context-Sensitive Taint Analysis for Concurrent Programs in Go.
Nordic Workshop on Programming Theory (NWPT'16).
Konferenzveröffentlichung, Bibliographie
Kurzbeschreibung (Abstract)
Taint analysis is a form of data flow analysis aiming at secure information flow. For example, unchecked user input is considered typically as “tainted”, i.e., as untrusted and potentially dangerous. Untrusted data may lead to corrupt memory, undermine the correct functioning or privacy concerns of the software otherwise, if it reaches program points it is not supposed to. Many common attack vectors exploit vulnerabilities based on unchecked data and the programmer’s negligence of foreseeing all possible user inputs (including malicious ones) and the resulting information flows through the program. We present a static taint analysis for Go, a modern, statically typed programming language. Go in particular features concurrent programming, supporting light-weight threads dubbed “goroutines”, and message-based communication. Beside a classical context-sensitive taint analysis, the paper presents a solution for analyzing channel communication in Go. A longer version of the material will appear in [2].
| Typ des Eintrags: | Konferenzveröffentlichung |
|---|---|
| Erschienen: | 2016 |
| Herausgeber: | Larsen, Kim G. ; Srba, Jiří |
| Autor(en): | Pun, Ka I. ; Steffen, Martin ; Stolz, Volker ; Wickert, Anna-Katharina ; Bodden, Eric ; Eichberg, Michael |
| Art des Eintrags: | Bibliographie |
| Titel: | Don't let data Go astray - A Context-Sensitive Taint Analysis for Concurrent Programs in Go |
| Sprache: | Englisch |
| Publikationsjahr: | 31 Oktober 2016 |
| Ort: | Aalborg |
| Veranstaltungstitel: | Nordic Workshop on Programming Theory (NWPT'16) |
| Kurzbeschreibung (Abstract): | Taint analysis is a form of data flow analysis aiming at secure information flow. For example, unchecked user input is considered typically as “tainted”, i.e., as untrusted and potentially dangerous. Untrusted data may lead to corrupt memory, undermine the correct functioning or privacy concerns of the software otherwise, if it reaches program points it is not supposed to. Many common attack vectors exploit vulnerabilities based on unchecked data and the programmer’s negligence of foreseeing all possible user inputs (including malicious ones) and the resulting information flows through the program. We present a static taint analysis for Go, a modern, statically typed programming language. Go in particular features concurrent programming, supporting light-weight threads dubbed “goroutines”, and message-based communication. Beside a classical context-sensitive taint analysis, the paper presents a solution for analyzing channel communication in Go. A longer version of the material will appear in [2]. |
| Fachbereich(e)/-gebiet(e): | 20 Fachbereich Informatik 20 Fachbereich Informatik > Softwaretechnik |
| Hinterlegungsdatum: | 19 Apr 2018 13:28 |
| Letzte Änderung: | 26 Nov 2021 10:39 |
| PPN: | |
| Export: | |
| Suche nach Titel in: | TUfind oder in Google |
 |
Frage zum Eintrag |
Optionen (nur für Redakteure)
 |
Redaktionelle Details anzeigen |
Drucken
Impressum