Using Precise Taint Tracking for Auto-sanitization

Title: Using Precise Taint Tracking for Auto-sanitization
Publication Type: Conference Paper
Year of Publication: 2017
Authors: Saoji, Tejas; Austin, Thomas H.; Flanagan, Cormac
Conference Name: Proceedings of the 2017 Workshop on Programming Languages and Analysis for Security
Publisher: ACM
Conference Location: New York, NY, USA
ISBN Number: 978-1-4503-5099-0
Keywords: Cross Site Scripting, Cross Site Scripting (XSS), Human Behavior, human factor, human factors, JavaScript, pubcrawl, resilience, Resiliency, Scalability, SQL Injection, taint analysis, Web Application Security
Abstract

Taint analysis has been used in numerous scripting languages such as Perl and Ruby to defend against various forms of code injection attacks, such as cross-site scripting (XSS) and SQL-injection. However, most taint analysis systems simply fail when tainted information is used in a possibly unsafe manner. In this paper, we explore how precise taint tracking can be used in order to secure web content. Rather than simply crashing, we propose that a library-writer defined sanitization function can instead be used on the tainted portions of a string. With this approach, library writers or framework developers can design their tools to be resilient, even if inexperienced developers misuse these libraries in unsafe ways. In other words, developer mistakes do not have to result in system crashes to guarantee security. We implement both coarse-grained and precise taint tracking in JavaScript, and show how our precise taint tracking API can be used to defend against SQL injection and XSS attacks. We further evaluate the performance of this approach, showing that precise taint tracking involves an overhead of approximately 22%.

URL: http://doi.acm.org/10.1145/3139337.3139341
DOI: 10.1145/3139337.3139341
Citation Key: saoji_using_2017