Static Taint Analysis of Event-driven Scheme Programs.

Event-driven programs consist of event listeners that can be registered dynamically with different types of events. The order in which these events are triggered is, however, nondeterministic. This combination of dynamicity and nondeterminism renders reasoning about event-driven applications difficult. For example, it is possible that only a particular sequence of events causes certain program behavior to occur. However, manually determining the event sequence from all possibilities is not a feasible solution. Tool support is in order. We present a static analysis that computes a sound overapproximation of the behavior of an event-driven program. We use this analysis as the foundation for a tool that warns about potential leaks of sensitive information in event-driven Scheme programs. We innovate by presenting developers a regular expression that describes the sequence of events that must be triggered for the leak to occur. We assess precision, recall, and accuracy of the tool’s results on a set of benchmark programs that model the essence of security vulnerabilities found in the literature.
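As an added illustration, not the paper's tool or any of its Scheme benchmarks, the following Python model shows the idea in miniature: a constructed event-driven program whose listener set grows dynamically, an exhaustive exploration of all event orders over a finite taint domain (the sound overapproximation), and state elimination over the resulting automaton to report the leaking event sequences as a regular expression. The event names, handlers and the one-token taint domain are all assumptions of this example.

```python
import re

# Constructed toy model, not the paper's tool or its Scheme benchmarks. Abstract
# state = (registered listeners, tainted variables). 'load' dynamically registers
# 'click'; 'click' reads a secret into 'token'; 'submit' sends 'token' to a sink.
START = (frozenset({"load", "submit"}), frozenset())
LEAK = "LEAK"   # absorbing state: a tainted value reached the sink

def step(listeners, tainted, event):
    """Abstract transition for one event (only registered listeners can fire)."""
    if event == "load":
        return (listeners | {"click"}, tainted)
    if event == "click":
        return (listeners, tainted | {"token"})
    return LEAK if "token" in tainted else (listeners, tainted)      # submit

def explore(start=START):
    """Explore all event orders; the finite taint domain makes this terminate."""
    trans, work, seen = {}, [start], {start}
    while work:
        s = work.pop()
        trans[s] = {ev: step(*s, ev) for ev in sorted(s[0])}
        for q in trans[s].values():
            if q != LEAK and q not in seen:
                seen.add(q); work.append(q)
    return trans

def to_regex(trans, start=START, final=LEAK):
    """State elimination: regex over event names for every sequence reaching LEAK."""
    g = lambda r: f"(?:{r})" if "|" in r else r         # group alternations
    edges = {}
    def alt(key, r):                                      # add an alternative
        edges[key] = edges[key] + "|" + r if key in edges else r
    for p, out in trans.items():
        for ev, q in out.items():
            alt((p, q), ev + " ")                         # events are space-delimited
    for s in [s for s in trans if s != start]:            # eliminate intermediates
        loop = f"(?:{edges.pop((s, s))})*" if (s, s) in edges else ""
        ins = [(p, r) for (p, q), r in edges.items() if q == s]
        outs = [(q, r) for (p, q), r in edges.items() if p == s]
        for p, ri in ins:
            for q, ro in outs:
                alt((p, q), g(ri) + loop + g(ro))
        edges = {k: r for k, r in edges.items() if s not in k}
    loop = f"(?:{edges[(start, start)]})*" if (start, start) in edges else ""
    return "^" + loop + edges[(start, final)] + "$"

def leaks(regex, events):
    """Does this concrete event sequence match the reported leak pattern?"""
    return re.fullmatch(regex, " ".join(events) + " ") is not None
```

For this model `to_regex(explore())` reports that a leak needs `load` before `click` before `submit`, with any other registered events interleaved, which is the kind of developer-facing description the abstract refers to.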
