Context-sensitive taint analysis

US 8,739,280 B2
Filed: 09/29/2011
Issued: 05/27/2014
Est. Priority Date: 09/29/2011
Status: Active Grant

First Claim

Patent Images

1. A non-transitory processor-readable medium storing code that when executed by at least one processor causes the at least one processor to:

identify a taint processing applied to a tainted value of an application;

determine a first output context of the application associated with output of the tainted value from the application;

determine whether the taint processing is effective in mitigating a security vulnerability caused by the tainted value for the first output context, wherein the application includes a plurality of output contexts including the first output context; and

generate a notification if the taint processing is determined to be ineffective in mitigating the security vulnerability caused by the tainted value for the first output context, wherein the taint processing is ineffective in mitigating the security vulnerability caused by the tainted value for the first output context, but the taint processing is effective in mitigating the security vulnerability caused by the tainted value for another of the plurality of output contexts.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A taint processing applied to a tainted value of an application is identified and an output context of the application associated with output of the tainted value is determined. It is determined whether the taint processing is effective in mitigating a security vulnerability caused by the tainted value for the output context.

228 Citations

22 Claims

1. A non-transitory processor-readable medium storing code that when executed by at least one processor causes the at least one processor to:
- identify a taint processing applied to a tainted value of an application;
  
  determine a first output context of the application associated with output of the tainted value from the application;
  
  determine whether the taint processing is effective in mitigating a security vulnerability caused by the tainted value for the first output context, wherein the application includes a plurality of output contexts including the first output context; and
  
  generate a notification if the taint processing is determined to be ineffective in mitigating the security vulnerability caused by the tainted value for the first output context, wherein the taint processing is ineffective in mitigating the security vulnerability caused by the tainted value for the first output context, but the taint processing is effective in mitigating the security vulnerability caused by the tainted value for another of the plurality of output contexts.
- View Dependent Claims (2, 3, 4, 5, 6, 13, 14, 15, 16, 17, 18, 19, 21)
- - 2. The processor-readable medium of claim 1, wherein:
    - the tainted value is derived from a runtime input of the application; and
      
      the first output context is a runtime output context.
  - 3. The processor-readable medium of claim 1, wherein identifying the taint processing comprises identifying processing that mitigates the security vulnerability caused by the tainted value.
  - 4. The processor-readable medium of claim 3, wherein the taint processing includes an encoding of the tainted value.
  - 5. The processor-readable medium of claim 1, wherein:
    - the tainted value is a first tainted value; and
      
      the first tainted value is an independent copy of a second tainted value provided as an input to the taint processing.
  - 6. The processor-readable medium of claim 1, wherein the taint processing is a first taint processing defined at a first library, the processor-readable medium further storing code that when executed by the at least one processor causes the at least one processor to substitute a second library with the first library.
  - 13. The processor-readable medium of claim 1, further comprising code that when executed by the at least one processor causes the at least one processor to:
    - update a processing state associated with each tainted value from a plurality of tainted values in response to each taint processing from a plurality of taint processings applied to respective tainted value of the plurality of tainted values;
      
      update an output context identifier associated with the application in response to output from the application; and
      
      compare a processing state of a tainted value from the plurality of tainted values with the output context identifier if that tainted value is output from the application.
  - 14. The processor-readable medium of claim 13, further comprising code that when executed by the at least one processor causes the at least one processor to generate a notification in response to the comparing if the processing state of that tainted value is not compatible with the output context identifier.
  - 15. The processor-readable medium of claim 13, wherein at least a portion of the plurality of taint processings are encodings.
  - 16. The processor-readable medium of claim 13, further comprising code that when executed by the at least one processor causes the at least one processor to parse the output from the application, wherein updating the output context identifier is based on the parsing.
  - 17. The processor-readable medium of claim 13, further comprising code that when executed by the at least one processor cause the at least one processor to parse the output from the application, wherein updating the output context identifier is based on the parsing, the parsing emulating an web browser rendering engine.
  - 18. The processor-readable medium of claim 3, wherein the taint processing includes a validation to check that the tainted value does not include data that opens a vulnerability in the application.
  - 19. The processor-readable medium of claim 1, further storing code that when executed by the at least one processor causes the at least one processor to identify the tainted value by determining that the tainted value is based on data from an untrusted or unverified source received at an input of the application, and wherein the first output context is a context relating to an interpretation of a data value output by the application.
  - 21. The processor-readable medium of claim 1, wherein the taint processing is ineffective in mitigating the security vulnerability caused by the tainted value for the first output context if the taint processing is not compatible with the first output context.

7. A context-sensitive taint analysis system, comprising:
- a taint monitor to monitor a taint processing of a tainted value of an application;
  
  an output context monitor to monitor a current output context from a plurality of output contexts of the application; and
  
  an analysis module to;
  
  determine that the tainted value is associated with output of the current output context, anddetermine whether the taint processing applied to the tainted value is effective in mitigating a security vulnerability caused by the tainted value for the current output context, wherein the taint processing is ineffective in mitigating the security vulnerability caused by the tainted value for the current output context, but the taint processing is effective in mitigating the security vulnerability caused by the tainted value for another of the plurality of output contexts.
- View Dependent Claims (8, 9, 10, 11, 12, 20, 22)
- - 8. The system of claim 7, wherein the taint processing includes an encoding of the tainted value.
  - 9. The system of claim 7, further comprising a notification module to generate a notification if the taint processing applied to the tainted value is ineffective in mitigating the security vulnerability caused by the tainted value for the current output context.
  - 10. The system of claim 7, further comprising an input monitor to monitor runtime input to the application, the tainted value derived from an input value from the runtime input, wherein the current output context is a context relating to an interpretation of a data value output by the application.
  - 11. The system of claim 7, wherein the taint monitor is configured to monitor a plurality of taint processings applied to the tainted value, the plurality of taint processings including the taint processing.
  - 12. The system of claim 7, wherein the analysis module is configured to determine whether the taint processing applied to the tainted value is effective in mitigating the security vulnerability for the current output context based on a security policy associated with the application.
  - 20. The system of claim 7, wherein the tainted value is based on data from an untrusted or unverified source received at an input of the application, and wherein the current output context is a context relating to an interpretation of a data value output by the application.
  - 22. The system of claim 7, wherein the taint processing is ineffective in mitigating the security vulnerability caused by the tainted value for the current output context if the taint processing is not compatible with the first output context.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Micro Focus LLC (Open Text Corporation)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Fay, Sean Patrick, Chess, Brian V
Primary Examiner(s)
Barron, Jr., Gilberto
Assistant Examiner(s)
Cribbs, Malcolm

Application Number

US13/248,948
Publication Number

US 20130086676A1
Time in Patent Office

971 Days
Field of Search

None
US Class Current

726/22
CPC Class Codes

G06F 21/554 involving event detection a...

Context-sensitive taint analysis

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

228 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Context-sensitive taint analysis

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

228 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links