Abstract. Static taint analysis detects information flow vulnerabilities. It has gained considerable importance in the last decade, with the majority of work focusing on dataflow and points-to-based approaches. In this paper, we advocate type-based taint analysis. We present SFlow, a context-sensitive type system for secure information flow, and SFlowInfer, a corresponding worst-case cubic inference analysis. Our approach effectively handles reflection, libraries and frameworks, features notoriously difficult for dataflow and points-to-based taint analysis. We implemented SFlow and SFlowInfer. Empirical results on 13 real-world Java web applications show that our approach is scalable and also precise, achieving a false positive rate of 15%.
Security of Java programs is important as they can be executed in different platforms. This paper ad...
A new approach to dynamic information flow analysis is presented that can be used to detect and debu...
We propose a type-based taint analysis for Android. Concretely, we present DFlow, a context-sensiti...
Over the past years, widely used platforms such as the Java Class Library have been under constant a...
exists in most web sites. The main reason is the lack of effective validation and filtering mechanis...
The most dangerous security-related software errors, according to the OWASP Top Ten 2017 list, affec...
Since the last decade, most of the enterprise applications were developed in Java because Java is be...
Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2013 Interna...
Improperly validated user input is the underlying root cause for a wide variety of attacks on web-ba...
Integrity types can help detect information flow vulnerabilities in web applications and Android app...
The most dangerous security-related software errors, according to CWE 2011, are those leading to inj...
The article of record as published may be located at http://dx.doi.org/10.1016/S0167-4048(97)00002...
Software security vulnerabilities and leakages of private information are two of the main issues in ...
It is a common practice to retrieve code from an outside source, execute it and return the result to...