
Publication

Static Taint Analysis of Event-driven Scheme Programs

Book contribution - Book chapter, conference contribution

Event-driven programs consist of event listeners that can be registered dynamically with different types of events. The order in which these events are triggered is, however, non-deterministic. This combination of dynamicity and non-determinism renders reasoning about event-driven applications difficult. For example, it is possible that only a particular sequence of events causes certain program behavior to occur. However, manually determining the event sequence from all possibilities is not a feasible solution. Tool support is in order.
We present a static analysis that computes a sound over-approximation of the behavior of an event-driven program. We use this analysis as the foundation for a tool that warns about potential leaks of sensitive information in event-driven Scheme programs. We innovate by presenting developers with a regular expression that describes the sequence of events that must be triggered for the leak to occur. We assess precision, recall, and accuracy of the tool’s results on a set of benchmark programs that model the essence of security vulnerabilities found in the literature.
Book: Proceedings of the 10th European Lisp Symposium
Pages: 80-87
Number of pages: 8
Year of publication: 2017
Accessibility: Open