Towards Fully Automatic Placement of Security Sanitizers and Declassifiers

DSpace/Manakin Repository

Towards Fully Automatic Placement of Security Sanitizers and Declassifiers

Show simple item record

dc.contributor.author Livshits, Benjamin
dc.contributor.author Chong, Stephen N.
dc.date.accessioned 2012-11-27T21:39:01Z
dc.date.issued 2012-11-27
dc.identifier.citation Livshits, Benjamin, and Stephen N. Chong. Forthcoming. Towards fully automatic placement of security sanitizers and declassifiers. In POPL 2013: Proceedings of the 40th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages: January 23-25, 2013, Rome, Italy. en_US
dc.identifier.uri http://nrs.harvard.edu/urn-3:HUL.InstRepos:9949290
dc.description.abstract A great deal of research on sanitizer placement, sanitizer correctness, checking path validity, and policy inference, has been done in the last five to ten years, involving type systems, static analysis and run-time monitoring and enforcement. However, in pretty much all work thus far, the burden of sanitizer placement has fallen on the developer. However, sanitizer placement in large-scale applications is difficult, and developers are likely to make errors, and thus create security vulnerabilities. This paper advocates a radically different approach: we aim to fully automate the placement of sanitizers by analyzing the flow of tainted data in the program. We argue that developers are better off leaving out sanitizers entirely instead of trying to place them. This paper proposes a fully automatic technique for sanitizer placement. Placement is static whenever possible, switching to run time when necessary. Run-time taint tracking techniques can be used to track the source of a value, and thus apply appropriate sanitization. However, due to the run-time overhead of run-time taint tracking, our technique avoids it wherever possible. en_US
dc.description.sponsorship Engineering and Applied Sciences en_US
dc.language.iso en_US en_US
dc.publisher Association for Computing Machinery en_US
dash.license META_ONLY
dc.subject languages en_US
dc.subject security en_US
dc.subject verification en_US
dc.subject security analysis en_US
dc.subject vulnerability prevention en_US
dc.title Towards Fully Automatic Placement of Security Sanitizers and Declassifiers en_US
dc.type Conference Paper en_US
dc.description.version Author's Original en_US
dc.relation.journal POPL 2013: Proceedings of the 40th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages en_US
dash.depositing.author Chong, Stephen N.
dash.embargo.until 10000-01-01
dash.waiver 2012-10-31

Files in this item

Files Size Format View
Chong_Towards.pdf 1.258Mb PDF View/Open

This item appears in the following Collection(s)

  • FAS Scholarly Articles [7501]
    Peer reviewed scholarly articles from the Faculty of Arts and Sciences of Harvard University

Show simple item record

 
 

Search DASH


Advanced Search
 
 

Submitters