PolyCruise: A Cross-Language dynamic information flow analysis

W Li, J Ming, X Luo, H Cai - 31st USENIX Security Symposium (USENIX …, 2022 - usenix.org
Despite the fact that most real-world software systems today are written in multiple
programming languages, existing program analysis based security techniques are still …

Nodemedic: End-to-end analysis of Node.js vulnerabilities with provenance graphs

D Cassel, WT Wong, L Jia - 2023 IEEE 8th European …, 2023 - ieeexplore.ieee.org
Packages in the Node.js ecosystem often suffer from serious vulnerabilities such as
arbitrary command injection and code execution. Existing taint analysis tools fall short in …

Bilingual problems: Studying the security risks incurred by native extensions in scripting languages

CA Staicu, S Rahaman, Á Kiss, M Backes - 32nd USENIX Security …, 2023 - usenix.org
Scripting languages are continuously gaining popularity due to their ease of use and the
flourishing software ecosystems surrounding them. These languages offer crash and …

SecV: Secure code partitioning via multi-language secure values

P Yuhala, P Felber, H Guiroux, JP Lozi… - Proceedings of the 24th …, 2023 - dl.acm.org
Trusted execution environments like Intel SGX provide enclaves, which offer strong security
guarantees for applications. Running entire applications inside enclaves is possible, but this …

Unveiling the Invisible: Detection and Evaluation of Prototype Pollution Gadgets with Dynamic Taint Analysis

M Shcherbakov, P Moosbrugger, M Balliu - Proceedings of the ACM on …, 2024 - dl.acm.org
Prototype-based languages like JavaScript are susceptible to prototype pollution
vulnerabilities, enabling an attacker to inject arbitrary properties into an object's prototype …

Dynamic taint analysis with label-defined semantics

J Kreindl, D Bonetta, L Stadler… - Proceedings of the 19th …, 2022 - dl.acm.org
Dynamic taint analysis is a popular analysis technique which tracks the propagation of
specific values while a program executes. To this end, a taint label is attached to these …

Augur: dynamic taint analysis for asynchronous javascript

MW Aldrich, A Turcotte, M Blanco, F Tip - Proceedings of the 37th IEEE …, 2022 - dl.acm.org
Dynamic taint analysis (DTA) is a popular approach to help protect JavaScript applications
against injection vulnerabilities. In 2016, the ECMAScript 7 JavaScript language standard …

Polyglot AST: Towards Enabling Polyglot Code Analysis

P Houdaille, DE Khelladi, R Briend… - … on Engineering of …, 2023 - ieeexplore.ieee.org
Today, a plethora of programming languages exists, each better suited for a particular
concern. For example, Python is suited for data analysis but not web development, whereas …

Low-overhead multi-language dynamic taint analysis on managed runtimes through speculative optimization

J Kreindl, D Bonetta, L Stadler… - Proceedings of the 18th …, 2021 - dl.acm.org
Dynamic taint analysis (DTA) is a popular program analysis technique with applications to
diverse fields such as software vulnerability detection and reverse engineering. It consists of …

On Polyglot Program Testing

P Houdaille, DE Khelladi, B Combemale… - … Proceedings of the …, 2024 - dl.acm.org
In modern applications, it has become increasingly necessary to use multiple languages in a
coordinated way to deal with the complexity and diversity of concerns encountered during …