Visible to the public Biblio

Filters: Author is Austin, Thomas H.  [Clear All Filters]
2018-02-15
Saoji, Tejas, Austin, Thomas H., Flanagan, Cormac.  2017.  Using Precise Taint Tracking for Auto-sanitization. Proceedings of the 2017 Workshop on Programming Languages and Analysis for Security. :15–24.

Taint analysis has been used in numerous scripting languages such as Perl and Ruby to defend against various form of code injection attacks, such as cross-site scripting (XSS) and SQL-injection. However, most taint analysis systems simply fail when tainted information is used in a possibly unsafe manner. In this paper, we explore how precise taint tracking can be used in order to secure web content. Rather than simply crashing, we propose that a library-writer defined sanitization function can instead be used on the tainted portions of a string. With this approach, library writers or framework developers can design their tools to be resilient, even if inexperienced developers misuse these libraries in unsafe ways. In other words, developer mistakes do not have to result in system crashes to guarantee security. We implement both coarse-grained and precise taint tracking in JavaScript, and show how our precise taint tracking API can be used to defend against SQL injection and XSS attacks. We further evaluate the performance of this approach, showing that precise taint tracking involves an overhead of approximately 22%.

Austin, Thomas H., Schmitz, Tommy, Flanagan, Cormac.  2017.  Multiple Facets for Dynamic Information Flow with Exceptions. ACM Trans. Program. Lang. Syst.. 39:10:1–10:56.
JavaScript is the source of many security problems, including cross-site scripting attacks and malicious advertising code. Central to these problems is the fact that code from untrusted sources runs with full privileges. Information flow controls help prevent violations of data confidentiality and integrity. This article explores faceted values, a mechanism for providing information flow security in a dynamic manner that avoids the stuck executions of some prior approaches, such as the no-sensitive-upgrade technique. Faceted values simultaneously simulate multiple executions for different security levels to guarantee termination-insensitive noninterference. We also explore the interaction of faceted values with exceptions, declassification, and clearance.
2017-09-15
Vemparala, Swapna, Di Troia, Fabio, Corrado, Visaggio Aaron, Austin, Thomas H., Stamo, Mark.  2016.  Malware Detection Using Dynamic Birthmarks. Proceedings of the 2016 ACM on International Workshop on Security And Privacy Analytics. :41–46.

In this paper, we compare the effectiveness of Hidden Markov Models (HMMs) with that of Profile Hidden Markov Models (PHMMs), where both are trained on sequences of API calls. We compare our results to static analysis using HMMs trained on sequences of opcodes, and show that dynamic analysis achieves significantly stronger results in many cases. Furthermore, in comparing our two dynamic analysis approaches, we find that using PHMMs consistently outperforms our technique based on HMMs.