CONTEXT-SENSITIVE TAINT ANALYSIS

US 20130086676A1
Filed: 09/29/2011
Published: 04/04/2013
Est. Priority Date: 09/29/2011
Status: Active Grant

First Claim

Patent Images

1. A processor-readable medium storing code representing instructions that when executed at a processor cause the processor to:

identify a taint processing applied to a tainted value of an application;

determine an output context of the application associated with output of the tainted value from the application; and

generate a notification if the taint processing is incompatible with the output context.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one implementation, a taint processing applied to a tainted value of an application is identified and an output context of the application associated with output of the tainted value is determined. A notification is generated if the taint processing is incompatible with the output context.

31 Citations

View as Search Results

20 Claims

1. A processor-readable medium storing code representing instructions that when executed at a processor cause the processor to:
- identify a taint processing applied to a tainted value of an application;
  
  determine an output context of the application associated with output of the tainted value from the application; and
  
  generate a notification if the taint processing is incompatible with the output context.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The processor-readable medium of claim 1, wherein:
    - the tainted value is derived from a runtime input of the application; and
      
      the output context is a runtime output context.
  - 3. The processor-readable medium of claim 1, wherein the taint processing is a validation.
  - 4. The processor-readable medium of claim 1, wherein the taint processing is an encoding.
  - 5. The processor-readable medium of claim 1, wherein:
    - the tainted value is a first tainted value; and
      
      the first tainted value is an independent copy of a second tainted value provided as an input to the taint processing.
  - 6. The processor-readable medium of claim 1, wherein the application includes a plurality of output contexts including the output context, the processor-readable medium further storing code representing instructions that when executed at the processor cause the processor to monitor a current output context of the application from the plurality of output contexts, the output context determined based on the current output context.
  - 7. The processor-readable medium of claim 1, wherein the taint processing is a first taint processing defined at a first library, the processor-readable medium further storing code representing instructions that when executed at the processor cause the processor to substitute a second library with the first library.

8. A context-sensitive taint analysis system, comprising:
- a taint monitor to monitor a taint processing of a tainted value of an application;
  
  a output context monitor to monitor a current output context from a plurality of output contexts of the application; and
  
  an analysis module to determine that the tainted value is associated with output of the current output context and to determine whether the taint processing applied to the tainted value is compatible with the current output context.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15)
- - 9. The system of claim 8, wherein the taint processing is an encoding.
  - 10. The system of claim 8, further comprising a record module to record the taint processing and the current output context.
  - 11. The system of claim 8, further comprising a notification module to generate a notification if the taint processing applied to the tainted value is not compatible with the current output context.
  - 12. The system of claim 8, further comprising an input monitor to monitor runtime input to the application, the tainted value derived from an input value from the runtime input.
  - 13. The system of claim 8, further comprising an input monitor to monitor runtime input to the application, the tainted value is an independent copy of an input value from the runtime input, the taint value generated in response to taint processing of the input value.
  - 14. The system of claim 8, wherein the taint monitor is operable to monitor a plurality of taint processings applied to the tainted value, the plurality of taint processings including the taint processing.
  - 15. The system of claim 8, wherein the analysis module determines whether the taint processing applied to the tainted value is compatible with the current output context based on a security policy associated with the application.

16. A context-sensitive taint analysis method, comprising:
- updating a processing state associated with each tainted value from a plurality of tainted values in response to each taint processing from a plurality of taint processings applied to that tainted value;
  
  updating an output context identifier associated with an application including the plurality of tainted values in response to output from the application; and
  
  comparing the processing state of a tainted value from the plurality of tainted values with the output context identifier if that tainted value is output from the application.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The method of claim 16, further comprising generating a notification in response to the comparing if the processing state of that tainted value is not compatible with the output context identifier.
  - 18. The method of claim 16, wherein at least a portion of the plurality of taint processings are encodings.
  - 19. The method of claim 16, further comprising parsing the output from the application, the updating the output context identifier is based on the parsing.
  - 20. The method of claim 16, further comprising parsing the output from the application, the updating the output context identifier is based on the parsing, the parsing emulating an web browser rendering engine.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Micro Focus LLC (Open Text Corporation)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Chess, Brian V., Fay, Sean Patrick

Granted Patent

US 8,739,280 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/22
CPC Class Codes

G06F 21/554 involving event detection a...

CONTEXT-SENSITIVE TAINT ANALYSIS

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

31 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

CONTEXT-SENSITIVE TAINT ANALYSIS

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

31 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links