Dynamic multi-process information flow tracking for web application security

Nanda, Susanta; Lam, Lap-chung; Chiueh, Tzi‐cker

doi:10.1145/1377943.1377956

Cited by 23 publications

(17 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Secure Coding Practices [27,37,50] Lexical Analysis [9,10,49,54] Data-Flow Analysis [17,30] Context Free Grammars [52,53] New APIs [13,36] Learning [15,32,48] Query Modification [4,7,46] Runtime Tainting [22,29,42,56] Data-Flow Analysis [51] Hybrid [24,25,35] Syntax Embeddings [5] Intrusion Set Randomization [3,28,31] The most straightforward and sensible approach is the adoption of secure coding practices [27,50,37], like the ones we mentioned above to prevent sql code injection. However, this does not always happen, as programmers may not be aware of them, or time schedules may be tight, encouraging sloppy practices instead.…”

Section: Static Methods Dynamic Methodsmentioning

confidence: 99%

“…For instance, the system by Haldar et al [56] covers applications whose source code is written in Java, while the work by Xu et al [22] covers applications whose source code is written in C. A dynamic checking compiler called wasc includes runtime tainting to prevent sql and script injection [42]. To counter similar attacks, smask identifies tainted code by automatically separating user input from legitimate code [29].…”

Section: Dynamic Methodsmentioning

confidence: 99%

See 1 more Smart Citation

Countering code injection attacks: a unified approach

Mitropoulos

Karakoidas

Λουρίδας

et al. 2011

Information Management &Amp; Computer Security

View full text Add to dashboard Cite

Code injection exploits a software vulnerability through which a malicious user can make an application run unauthorized code. Server applications frequently employ dynamic and domain-specific languages, which are used as vectors for the attack. We propose a generic approach that prevents the class of injection attacks involving these vectors: our scheme detects attacks by using location-specific signatures to validate code statements. The signatures are unique identifiers that represent specific characteristics of a statement's execution. We have applied our approach successfully to defend against attacks targeting sql, xpath and JavaScript.

show abstract

Section: Static Methods Dynamic Methodsmentioning

confidence: 99%

Section: Dynamic Methodsmentioning

confidence: 99%

Countering code injection attacks: a unified approach

Mitropoulos

Karakoidas

Λουρίδας

et al. 2011

Information Management &Amp; Computer Security

View full text Add to dashboard Cite

show abstract

“…Newsome at al., have proposed dynamic tainting analysis for detecting exploits on commodity systems. Tainting has been also used solely in securing web applications [27,19,20], and, partially, for detecting and preventing code-injection attacks [18,21]. However, all of these frameworks target very precise problems, such as cross-site scripting [27] and SQL injection, or apply selectively to an isolated layer of the complete system.…”

Section: Related Workmentioning

confidence: 99%

Practical information flow for legacy web applications

Chinis

Pratikakis

Ioannidis

et al. 2013

Proceedings of the 8th Workshop on Implementation, Compilation, Optimization of Object-Oriented Languages, Programs and Systems

View full text Add to dashboard Cite

The popularity of web applications, coupled with the data they operate on, makes them prime targets for miscreants that want to misuse them. To make matters worse, a lot of these applications, have not been implemented with security in mind, while refactoring an existing, large web application to implement a security or privacy policy is prohibitively difficult. This paper presents LabelFlow, an extension of PHP that simplifies implementation of security policies in web applications. To enforce a policy, LabelFlow tracks the propagation of information throughout the application, transparently and efficiently, both in the PHP runtime and through persistent storage. We provide strong theoretical guarantees for the policy enforcement in LabelFlow; we define its semantics for a simple calculus and prove that it protects against information leaks. LabelFlow is applicable to real-world large scale web applications. We used LabelFlow to add and enforce access control policies in three popular web application MediaWiki, Wordpress and OpenCart with minimal execution overhead and code changes.

show abstract

“…WASC [40] is a compiler that adds taint checking in web applications to project against SQL and script injection attacks. An alternate approach is to use static taint propagation to detect vulnerabilities statically [51].…”

Section: Related Workmentioning

confidence: 99%

“…First, it combines application replay with offline taint analysis. Tainting has generally been used online for securing applications [40,42,51], but we are not aware of its use for data recovery. Second, we explore the benefits of finer-grained field-level dependencies at the database-tier than existing approaches that use row-level tainting [24,29,37].…”

Section: Introductionmentioning

confidence: 99%

Data recovery for web applications

Akkuş

Goel

2010

2010 IEEE/IFIP International Conference on Dependable Systems &Amp; Networks (DSN)

View full text Add to dashboard Cite

Web applications store their data at the server. Despite several benefits, this design raises a serious problem because a bug or misconfiguration causing data loss or corruption can affect a large number of users. We describe the design of a generic recovery system for web applications. Our system tracks application requests and reuses undo logs already kept by databases to selectively recover from corrupting requests and their effects. The main challenge is to correlate requests across the multiple tiers of the application to determine the correct recovery actions. We explore using dependencies both within and across requests at three layers, (i.e., database, application, client) to help identify data corruption accurately. We evaluate our system using known bugs and misconfigurations in popular web applications, including Wordpress, Drupal and Gallery2. Our results show that our system enables recovery from data corruption without loss of critical data incurring little overhead while tracking requests.ii Acknowledgements I would like to thank to my advisor Prof. Ashvin Goel for his guidance, time and patience.

show abstract

Dynamic multi-process information flow tracking for web application security

Cited by 23 publications

References 3 publications

Countering code injection attacks: a unified approach

Countering code injection attacks: a unified approach

Practical information flow for legacy web applications

Data recovery for web applications

Contact Info

Product

Resources

About