2013
DOI: 10.1007/978-3-642-37057-1_15

Andromeda: Accurate and Scalable Security Analysis of Web Applications

Abstract: Security auditing of industry-scale software systems mandates automation. Static taint analysis enables deep and exhaustive tracking of suspicious data flows for detection of potential leakage and integrity violations, such as cross-site scripting (XSS), SQL injection (SQLi) and log forging. Research in this area has taken two directions: program slicing and type systems. Both of these approaches suffer from a high rate of false findings, which limits the usability of analysis tools based on these te…

Cited by 106 publications (90 citation statements)
References 43 publications
“…PiOS [16] uses program slicing and reachability analysis to detect the possible privacy leaks in iOS apps. TAJ [43] and Andromeda [42] use the same taint analysis technique to identify privacy leaks in web applications.…”
Section: Related Work (mentioning)
confidence: 99%
“…Much more sophisticated abstractions exist, in which facts can, for instance, model aliasing through sets of access paths [25] or even the abstract typestate of combinations of multiple objects [13]. The IFDS framework itself, however, is oblivious to the concrete abstraction being used; the abstraction is a free parameter to the framework.…”
Section: Overview of the IFDS Framework (mentioning)
confidence: 99%
“…Tripp et al. [25] efficiently update data-flow results by replacing the whole-program control-flow graph and pointer analysis with local information computed on demand during the taint propagation. This removes the need of recomputing these data structures when the target changes.…”
Section: Related Work (mentioning)
confidence: 99%
“…Approaches based on taint analysis [13], [14], [15], [16], [17], [18] and symbolic execution [19], [20] help identify and locate potential vulnerabilities in program code, and thus, could help with the auditor's tasks. Though none of these approaches, except for the work reported in [16], seems to explicitly address XMLi and XPathi, they could be adapted to detect these vulnerabilities.…”
Section: Introduction (mentioning)
confidence: 99%
“…We define a specific security slicing approach for the auditing of security vulnerabilities in program source code. Like taint analysis, our approach also uses static program analysis techniques, which are known to be scalable [17]. However, our analysis additionally extracts control-dependency information, which is often important for security auditing of input validation and sanitization procedures.…”
Section: Introduction (mentioning)
confidence: 99%