TAJ
- 15 June 2009
- conference paper
- Published by Association for Computing Machinery (ACM)
- Vol. 44 (6), 87-97
- https://doi.org/10.1145/1542476.1542486
Abstract
Taint analysis, a form of information-flow analysis, establishes whether values from untrusted methods and parameters may flow into security-sensitive operations. Taint analysis can detect many common vulnerabilities in Web applications, and so has attracted much attention from both the research community and industry. However, most static taint-analysis tools do not address critical requirements for an industrial-strength tool. Specifically, an industrial-strength tool must scale to large industrial Web applications, model essential Web-application code artifacts, and generate consumable reports for a wide range of attack vectors. We have designed and implemented a static Taint Analysis for Java (TAJ) that meets the requirements of industry-level applications. TAJ can analyze applications of virtually any size, as it employs a set of techniques designed to produce useful answers given limited time and space. TAJ addresses a wide variety of attack vectors, with techniques to handle reflective calls, flow through containers, nested taint, and issues in generating useful reports. This paper provides a description of the algorithms comprising TAJ, evaluates TAJ against production-level benchmarks, and compares it with alternative solutions.
This publication has 24 references indexed in Scilit.