Type-Based Enforcement of Secure Programming Guidelines - Code Injection Prevention at SAP
Authors
Abstract
Code injection and cross-site scripting are among the most common security vulnerabilities in modern software, and are usually caused by incorrect string processing. These exploits are often addressed by formulating programming guidelines or “best practices”. In this paper, we study the concrete example of a guideline used at SAP for the handling of untrusted, potentially executable strings that are embedded in the output of a Java servlet. To verify adherence to the guideline, we present a type system for a Java-like language that is extended with refined string types, output effects, and polymorphic method types. The practical suitability of the system is demonstrated by an implementation of a corresponding string type verifier and context-sensitive inference for real Java programs.
Similar references
Towards Practical Prevention of Code Injection Vulnerabilities on the Programming Language Level
A large percentage of today’s security problems is caused by code injection vulnerabilities. Many of these vulnerabilities exist because of implicit code generation through string serialization. Based on an analysis of the underlying mechanisms, we propose a general model to outfit modern programming languages with means for explicit and secure code generation. Further, we identify the model’s ...
Secure the Clones
Exchanging mutable data objects with untrusted code is a delicate matter because of the risk of creating a data space that is accessible by an attacker. Consequently, secure programming guidelines for Java stress the importance of using defensive copying before accepting or handing out references to an internal mutable object. However, implementation of a copy method (like clone()) is entirely ...
The Multi-Tier Architecture for Developing Secure Website with Detection and Prevention of SQL-Injection Attacks
SQL injection is an attack methodology that targets the data residing in a database. The attack takes advantage of poor input validation in code and website administration. SQL injection attacks occur when an attacker is able to insert a series of SQL statements into a ‘query’ by manipulating user input data supplied to a web-based application; an attacker can take advantage of web application progra...
Enforcing Declarative Policies with Targeted Program Synthesis
We present a technique for static enforcement of declarative information flow policies. Given a program that manipulates sensitive data and a set of declarative policies on the data, our technique automatically inserts policy-enforcing code throughout the program to make it provably secure with respect to the policies. We achieve this through a new approach we call targeted program synthesis, w...
Link-Time Enforcement of Confined Types for JVM Bytecode
The language-based approach to security employs programming language technologies to construct secure environments for hosting untrusted code. The recently proposed notion of confined types effectively prevents accidental reference leaks that could lead to security breaches in mobile code platforms such as Java. Enforcing a stronger notion of encapsulation than conventional object-oriented prog...