Implementing Dynamic Coarse & Fine Grained Taint Analysis for Rhino JavaScript

Web application systems today are at great risk from attackers. They use methods like cross-site scripting, SQL injection, and format string attacks to exploit vulnerabilities in an application. Standard techniques like static analysis, code audits seem to be inadequate in successfully combating attacks like these. Both the techniques point out the vulnerabilities before an application is run. However, static analysis may result in a higher rate of false positives, and code audits are time-consuming and costly. Hence, there is a need for reliable detection mechanisms. Dynamic taint analysis offers an alternate solution — it marks the incoming data from the untrusted source as ‘tainted.’’ The flow of tainted data is tracked during the program execution. Whenever tainted data is used in a security-sensitive context, a proper action is taken. The execution may also be suspended depending upon the severity of the operation. This project implements dynamic taint analysis in Rhino JavaScript. The focus is on adding support for coarse-grained and fine-grained string tainting. Coarse-grained tainting works at the granularity level of a string while fine-grained tainting works at the granularity level of a character in a string. Both approaches are discussed in further detail in the paper. I have also written a SQL library to leverage my implementation of taint analysis in Rhino and conducted performance tests to contrast the overhead of coarse & fine grained taint analysis. My test results show that fine-grained taint analysis in general incurs more overhead than coarse-grained taint analysis

Significant activation when syllable onset is compared to semantics.

<p>The younger group (cf. left) shows activation in the right frontopolar area (area 10), the right posterior parietal cortex (area 40), and the left inferior temporal cortex (area 37 – not shown in the figure), while the older group (cff right) shows no significant peaks of activation at all. The anatomical MRI images are the average of the T1 acquisitions of the 14 younger subjects (cf. left) and the 14 older subjects (cf. right) transformed into stereotaxic space. The color scale represents the T statistic.</p

Matching according to syllable rhyme minus control matching in the OLD.

<p>Matching according to syllable rhyme minus control matching in the OLD.</p

Matching according to syllable onset minus control matching in the YOUNG.

<p>Matching according to syllable onset minus control matching in the YOUNG.</p

Matching according to syllable onset minus control matching in the OLD.

<p>Matching according to syllable onset minus control matching in the OLD.</p

Matching according to syllable rhyme minus control matching in the OLD.

<p>Matching according to syllable rhyme minus control matching in the OLD.</p

Significant activation when syllable onset is compared to rhyme syllable.

<p>The younger group (cf. left) shows significant activation was in the right posterior parietal cortex (area 40) and the left occipital cortex (area 18 - not shown in the figure), while the older group (cf. right) shows no significant peaks of activation at all. The anatomical MRI images are the average of the T1 acquisitions of the 14 younger subjects (cf. left) and the 14 older subjects (cf. right) transformed into stereotaxic space. The color scale represents the T statistic.</p

Matching according to syllable rhyme minus control matching in the YOUNG.

<p>Matching according to syllable rhyme minus control matching in the YOUNG.</p

Matching according to semantics minus control matching in the OLD.

<p>Matching according to semantics minus control matching in the OLD.</p

Matching according to semantic compared with matching according to syllable onset.

<p>Matching according to semantic compared with matching according to syllable onset.</p