Detecting Input Sanitization Errors in Scala

Submitted by grigby1 on Thu, 07/09/2020 - 1:57pm

Title	Detecting Input Sanitization Errors in Scala
Publication Type	Conference Paper
Year of Publication	2019
Authors	Ashouri, Mohammadreza
Conference Name	2019 Seventh International Symposium on Computing and Networking Workshops (CANDARW)
Date Published	Nov. 2019
Publisher	IEEE
ISBN Number	978-1-7281-5268-4
Keywords	compositionality, data deletion, Data Sanitization, dynamic taint analyzer, Error, Functional programming, high-level language, Human Behavior, human factors, Input Sanitization, input sanitization errors, object-oriented programming, privacy, program diagnostics, programming languages, pubcrawl, resilience, Resiliency, Scala applications, Scala Compiler, Scala programming language, Scalability, ScalaTaint, security of data, sensitive sink methods, static types, taint analysis
Abstract	Scala programming language combines object-oriented and functional programming in one concise, high-level language, and the language supports static types that help to avoid bugs in complex programs. This paper proposes a dynamic taint analyzer called ScalaTaint for Scala applications. The analyzer traces the propagation of malicious inputs from untrusted sources to sensitive sink methods in programs that can be exploited by adversaries. In this work, we evaluated the accuracy of ScalaTaint with a security benchmark suite including 7 projects in Scala. As a result, our analyzer could report 49 vulnerabilities within 753,372 lines of code. Moreover, the result of our performance measurement on ScalaBench shows 67% runtime overhead that demonstrates the usefulness and efficiently of our technique in comparison with similar tools.
URL	https://ieeexplore.ieee.org/document/8951588
DOI	10.1109/CANDARW.2019.00062
Citation Key	ashouri_detecting_2019

Groups:

Science of Security VO