DOI: 10.1145/2635868.2635878
Research article

FlowTwist: efficient context-sensitive inside-out taint analysis for large codebases

Published: 11 November 2014

Abstract

Over the past years, widely used platforms such as the Java Class Library have been under constant attack through vulnerabilities that involve a combination of two taint-analysis problems: an integrity problem allowing attackers to trigger sensitive operations within the platform, and a confidentiality problem allowing the attacker to retrieve sensitive information or pointers from the results of those operations. While existing static taint analyses are good at solving either of those problems, we show that they scale prohibitively badly when applied to situations that require the exploitation of both an integrity and a confidentiality problem in combination. The main problem is the huge attack surface of libraries such as the Java Class Library, which exposes thousands of methods potentially controllable by an attacker. In this work we thus present FlowTwist, a novel taint-analysis approach that works inside-out, i.e., tracks data flows from potentially vulnerable calls to the outer level of the API which the attacker might control. This inside-out analysis requires a careful, context-sensitive coordination of both a backward and a forward taint analysis. We present a design of the analysis approach based on the IFDS algorithm, and explain several extensions to IFDS that enable not only this coordination but also helpful reporting of error situations to security analysts. Experiments with the Java Class Library show that, while a simple forward taint-analysis approach does not scale even with much machine power, FlowTwist's algorithm is able to fully analyze the library within 10 minutes.
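To make the two coupled flows in the abstract concrete, here is an added toy model written for this page; it is not FlowTwist's code and not the paper's IFDS-based algorithm. A library is summarised as methods with parameter-to-argument and result-to-return flows. The walk starts at each call site of a hypothetical sensitive operation (inside), follows the argument backward toward callers (the integrity semi-path) and the result forward toward returns (the confidentiality semi-path) along the same call chain, and reports only chains where both reach a public method (outside). All method names, the `sensitiveOp` sink and the call-site ids are constructed placeholders.

```python
from dataclasses import dataclass, field
from typing import Dict, Iterator, List, Optional, Tuple

# Constructed toy model. Every method name below and the sink name are placeholders;
# none of this is FlowTwist's code or the paper's algorithm.
SINK = "sensitiveOp"  # stands in for a privileged operation inside the platform


@dataclass
class Call:
    callee: str
    args: List[str]        # one entry per callee parameter: "p<i>" (our parameter i),
                           # "const" (attacker-independent), or "ret:<call_id>" (another result)
    call_id: str           # unique per call site, used to match result flows


@dataclass
class Method:
    name: str
    public: bool           # True = at the outer API level that untrusted code can invoke
    calls: List[Call] = field(default_factory=list)
    ret: Optional[str] = None   # what the method returns, same encoding as Call.args


Library = Dict[str, Method]


def callers_of(lib: Library, callee: str) -> Iterator[Tuple[Method, Call]]:
    """Yield every (caller, call site) pair that invokes `callee`."""
    for m in lib.values():
        for c in m.calls:
            if c.callee == callee:
                yield m, c


def param_index(expr: Optional[str]) -> Optional[int]:
    """Map "p3" -> 3; anything else (constant, other result, None) carries no taint here."""
    if expr and expr.startswith("p") and expr[1:].isdigit():
        return int(expr[1:])
    return None


def inside_out(lib: Library) -> List[Tuple[str, ...]]:
    """Walk from each sink call site outward through its callers.

    Along one call chain we carry two facts at once:
      * param_idx      - which parameter of the current method reaches the sink
                         argument (backward / integrity semi-path), or None if lost;
      * carries_result - whether the current method returns the sink's result
                         (forward / confidentiality semi-path).
    A chain is reported only when BOTH facts hold at a public method, so the two
    semi-paths are matched in the same calling context rather than independently.
    """
    findings: List[Tuple[str, ...]] = []

    def climb(m: Method, param_idx: Optional[int], carries_result: bool,
              chain: Tuple[str, ...]) -> None:
        if param_idx is None and not carries_result:
            return                                  # both semi-paths died
        if m.public and param_idx is not None and carries_result:
            findings.append(chain)                  # semi-paths meet at an outer entry
        for caller, call in callers_of(lib, m.name):
            if caller.name in chain:
                continue                            # cut recursion
            # backward step: which caller parameter feeds our tainted parameter?
            next_idx = param_index(call.args[param_idx]) if param_idx is not None else None
            # forward step: does the caller hand this call's result back to its own caller?
            next_carries = carries_result and caller.ret == f"ret:{call.call_id}"
            climb(caller, next_idx, next_carries, chain + (caller.name,))

    for m in lib.values():
        for call in m.calls:
            if call.callee == SINK:
                climb(m, param_index(call.args[0]),
                      m.ret == f"ret:{call.call_id}", (m.name,))
    return findings


def sample_library() -> Library:
    """Constructed sample: one sink call reachable through several public entries."""
    methods = [
        Method("doOp", False, [Call(SINK, ["p0"], "c1")], ret="ret:c1"),       # wraps the sink
        Method("lookup", True, [Call("doOp", ["p0"], "c2")], ret="ret:c2"),     # both flows: report
        Method("check", True, [Call("doOp", ["p0"], "c3")], ret="const"),       # result discarded
        Method("fixed", True, [Call("doOp", ["const"], "c4")], ret="ret:c4"),   # argument not controllable
        Method("helper", False, [Call("doOp", ["p1"], "c5")], ret="ret:c5"),    # tainted only via p1
        Method("api", True, [Call("helper", ["const", "p0"], "c6")], ret="ret:c6"),   # feeds p1: report
        Method("other", True, [Call("helper", ["p0", "const"], "c7")], ret="ret:c7"), # feeds p0 only: safe
    ]
    return {m.name: m for m in methods}


if __name__ == "__main__":
    for chain in inside_out(sample_library()):
        print(" <- ".join(chain))
```

The sample shows why the two semi-paths have to be matched per calling context: `helper` returns the sink result to every caller, but only `api` feeds an attacker-controlled value into the parameter that reaches the sink, so `other` is not reported; a context-insensitive union of "helper is tainted somewhere" and "helper leaks its result" would flag both. It also shows the direction the abstract argues for: the walk begins at the handful of sink call sites rather than at every public method, which is what keeps the search small when the public surface is large.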

Contents

  • Introduction
  • Overview
  • IFDS Algorithm
  • The Proposal in a Nutshell
  • Analysis Design
  • IFDS Extension to Store Path Information
  • Unbalanced Return Flows
  • Creating and Matching Semi-Paths
  • Simplifications to Improve Scalability
  • Dependent Analyses
  • Evaluation
  • Setup
  • Results
  • Related Work
  • Confused-Deputy and Collusion Attacks
  • Taint Analysis
  • Information-Flow Analysis
  • Conclusion
  • Acknowledgements
  • References


    Published In

    FSE 2014: Proceedings of the 22nd ACM SIGSOFT International Symposium on Foundations of Software Engineering
    November 2014
    856 pages
    ISBN:9781450330565
    DOI:10.1145/2635868
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. IFDS
    2. Taint analysis
    3. confused deputy

    Qualifiers

    • Research-article

    Conference

    SIGSOFT/FSE'14

    Acceptance Rates

    Overall Acceptance Rate 17 of 128 submissions, 13%

    Article Metrics

    • Downloads (Last 12 months)33
    • Downloads (Last 6 weeks)3
    Reflects downloads up to 27 Feb 2025

    Cited By

    • Boosting the Performance of Multi-Solver IFDS Algorithms with Flow-Sensitivity Optimizations. 2024 IEEE/ACM International Symposium on Code Generation and Optimization (CGO), pp. 296-307. DOI 10.1109/CGO57630.2024.10444884. Online: 2 Mar 2024.
    • AppChainer: investigating the chainability among payloads in android applications. Cybersecurity 6(1). DOI 10.1186/s42400-023-00151-2. Online: 2 Aug 2023.
    • Combinator-Based Fixpoint Algorithms for Big-Step Abstract Interpreters. Proceedings of the ACM on Programming Languages 7(ICFP), pp. 955-981. DOI 10.1145/3607863. Online: 31 Aug 2023.
    • Reducing the Memory Footprint of IFDS-Based Data-Flow Analyses using Fine-Grained Garbage Collection. Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis, pp. 101-113. DOI 10.1145/3597926.3598041. Online: 12 Jul 2023.
    • Two Sparsification Strategies for Accelerating Demand-Driven Pointer Analysis. 2023 IEEE Conference on Software Testing, Verification and Validation (ICST), pp. 305-316. DOI 10.1109/ICST57152.2023.00036. Online: Apr 2023.
    • Indexing the extended Dyck-CFL reachability for context-sensitive program analysis. Proceedings of the ACM on Programming Languages 6(OOPSLA2), pp. 1438-1468. DOI 10.1145/3563339. Online: 31 Oct 2022.
    • Explaining Static Analysis With Rule Graphs. IEEE Transactions on Software Engineering 48(2), pp. 678-690. DOI 10.1109/TSE.2020.2999534. Online: 1 Feb 2022.
    • Static Privacy Analysis by Flow Reconstruction of Tainted Data. International Journal of Software Engineering and Knowledge Engineering 31(07), pp. 973-1016. DOI 10.1142/S0218194021500303. Online: 23 Jul 2021.
    • Sustainable Solving. Proceedings of the 43rd International Conference on Software Engineering, pp. 1098-1110. DOI 10.1109/ICSE43902.2021.00102. Online: 22 May 2021.
    • A programming model for semi-implicit parallelization of static analyses. Proceedings of the 29th ACM SIGSOFT International Symposium on Software Testing and Analysis, pp. 428-439. DOI 10.1145/3395363.3397367. Online: 18 Jul 2020.
