TAJ: effective taint analysis of web applications. Taint analysis, a form of information-flow analysis, establishes whether values from untrusted methods and parameters may flow into security-sensitive operations. Taint analysis can detect many common vulnerabilities in Web applications, and so has attracted much attention from both the research community and industry. However, most static taint-analysis tools do not address critical requirements for an industrial-strength tool. Specifically, an industrial-strength tool must scale to large industrial Web applications, model essential Web-application code artifacts, and generate consumable reports for a wide range of attack vectors. We have designed and implemented a static Taint Analysis for Java (TAJ) that meets the requirements of industry-level applications. TAJ can analyze applications of virtually any size, as it employs a set of techniques designed to produce useful answers given limited time and space. TAJ addresses a wide variety of attack vectors, with techniques to handle reflective calls, flow through containers, nested taint, and issues in generating useful reports. This paper provides a description of the algorithms comprising TAJ, evaluates TAJ against production-level benchmarks, and compares it with alternative solutions.
References in zbMATH (referenced in 7 articles)
- Ferrara, Pietro; Olivieri, Luca; Spoto, Fausto: BackFlow: backward context-sensitive flow reconstruction of taint analysis results (2020)
- Wüstholz, Valentin; Olivo, Oswaldo; Heule, Marijn J. H.; Dillig, Isil: Static detection of DoS vulnerabilities in programs that use regular expressions (2017)
- Prokhorenko, Victor; Choo, Kim-Kwang Raymond; Ashman, Helen: Context-oriented web application protection model (2016)
- Rimsa, Andrei; D’Amorim, Marcelo; Pereira, Fernando Magno Quintão; Bigonha, Roberto S.: Efficient static checker for tainted variable attacks (2014)
- Beringer, Lennart; Grabowski, Robert; Hofmann, Martin: Verifying pointer and string analyses with region type systems (2013)
- Zhu, Haiyan; Dillig, Thomas; Dillig, Isil: Automated inference of library specifications for source-sink property verification (2013)
- Zhang, Ruoyu; Huang, Shiqiu; Qi, Zhengwei; Guan, Haibing: Static program analysis assisted dynamic taint tracking for software vulnerability discovery (2012)