Taint and Information Flow Analysis Using Sweet.js Macros

Publication Year:
Usage 775
Downloads 705
Abstract Views 70
Social Media 8
Tweets 8
Repository URL:
Kannan, Prakasam
javascript flow analysis security; Information Security; Programming Languages and Compilers
Most Recent Tweet View All Tweets
project description
JavaScript has been the primary language for application development in browsers and with the advent of JIT compilers, it is increasingly becoming popular on server side development as well. However, JavaScript suffers from vulnerabilities like cross site scripting and malicious advertisement code on the the client side and on the server side from SQL injection.In this paper, we present a dynamic approach to efficiently track information flow and taint detection to aid in mitigation and prevention of such attacks using JavaScript based hygienic macros. We use Sweet.js and object proxies to override built-in JavaScript operators to track information flow and detect tainted values. We also demonstrate taint detection and information flow analysis using our technique in a REST service running on Node.js.We finally present cross browser compatibility and performance metrics of our solution using the popular SunSpider benchmark on Safari, Chrome and Firefox and suggest some performance improvement techniques.