PolyCruise: A Cross-Language dynamic information flow analysis
Despite the fact that most real-world software systems today are written in multiple
programming languages, existing program analysis based security techniques are still …
Nodemedic: End-to-end analysis of Node.js vulnerabilities with provenance graphs
Packages in the Node.js ecosystem often suffer from serious vulnerabilities such as
arbitrary command injection and code execution. Existing taint analysis tools fall short in …
Bilingual problems: Studying the security risks incurred by native extensions in scripting languages
Scripting languages are continuously gaining popularity due to their ease of use and the
flourishing software ecosystems surrounding them. These languages offer crash and …
SecV: Secure code partitioning via multi-language secure values
Trusted execution environments like Intel SGX provide enclaves, which offer strong security
guarantees for applications. Running entire applications inside enclaves is possible, but this …
Unveiling the Invisible: Detection and Evaluation of Prototype Pollution Gadgets with Dynamic Taint Analysis
M Shcherbakov, P Moosbrugger, M Balliu - Proceedings of the ACM on …, 2024 - dl.acm.org
Prototype-based languages like JavaScript are susceptible to prototype pollution
vulnerabilities, enabling an attacker to inject arbitrary properties into an object's prototype …
Dynamic taint analysis with label-defined semantics
Dynamic taint analysis is a popular analysis technique which tracks the propagation of
specific values while a program executes. To this end, a taint label is attached to these …
Augur: dynamic taint analysis for asynchronous JavaScript
Dynamic taint analysis (DTA) is a popular approach to help protect JavaScript applications
against injection vulnerabilities. In 2016, the ECMAScript 7 JavaScript language standard …
Polyglot AST: Towards Enabling Polyglot Code Analysis
P Houdaille, DE Khelladi, R Briend… - … on Engineering of …, 2023 - ieeexplore.ieee.org
Today, a plethora of programming languages exists, each better suited for a particular
concern. For example, Python is suited for data analysis but not web development, whereas …
Low-overhead multi-language dynamic taint analysis on managed runtimes through speculative optimization
Dynamic taint analysis (DTA) is a popular program analysis technique with applications to
diverse fields such as software vulnerability detection and reverse engineering. It consists of …
On Polyglot Program Testing
In modern applications, it has become increasingly necessary to use multiple languages in a
coordinated way to deal with the complexity and diversity of concerns encountered during …