Efficient Character-Level Taint Tracking for Java
Erika Chin

Citation
Erika Chin. "Efficient Character-Level Taint Tracking for Java". Talk or presentation, 30, November, 2009.

Abstract
Over 80% of web services are vulnerable to attack, and much of the danger arises from command injection vulnerabilities. We present an efficient character-level taint tracking system for Java web applications and argue that it can be used to defend against command injection vulnerabilities. Our approach involves modification only to Java library classes and the implementation of the Java servlets framework, so it requires only a one-time modification to the server without any subsequent modifications to a web application's bytecode or access to the web application's source code. This makes it easy to deploy our technique and easy to secure legacy web software. Our preliminary experiments with the JForum web application suggest that character-level taint tracking adds 0-15% runtime overhead.

Electronic downloads

  • 10%20-%20Chin.pptx · application/vnd.openxmlformats-officedocument.presentationml.pre · 216 kbytes
Citation formats  
  • HTML
    Erika Chin. <a
    href="http://www.truststc.org/pubs/640.html"
    ><i>Efficient Character-Level Taint Tracking for
    Java</i></a>, Talk or presentation,  30,
    November, 2009.
  • Plain text
    Erika Chin. "Efficient Character-Level Taint Tracking
    for Java". Talk or presentation,  30, November, 2009.
  • BibTeX
    @presentation{Chin09_EfficientCharacterLevelTaintTrackingForJava,
        author = {Erika Chin},
        title = {Efficient Character-Level Taint Tracking for Java},
        day = {30},
        month = {November},
        year = {2009},
        abstract = {Over 80% of web services are vulnerable to attack,
                  and much of the danger arises from command
                  injection vulnerabilities. We present an efficient
                  character-level taint tracking system for Java web
                  applications and argue that it can be used to
                  defend against command injection vulnerabilities.
                  Our approach involves modification only to Java
                  library classes and the implementation of the Java
                  servlets framework, so it requires only a one-time
                  modification to the server without any subsequent
                  modifications to a web application's bytecode or
                  access to the web application's source code. This
                  makes it easy to deploy our technique and easy to
                  secure legacy web software. Our preliminary
                  experiments with the JForum web application
                  suggest that character-level taint tracking adds
                  0-15% runtime overhead.},
        URL = {http://www.truststc.org/pubs/640.html}
    }
    

Posted by Larry Rohrbough on 5 Nov 2009.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.
