Entry Date:
February 28, 2012

Eliminating Vulnerabilities in Java Applications


The VIBRANCE project is developing techniques to eliminate vulnerabilities in Java applications. As part of this effort we are developing techniques to eliminate vulnerabilities that are triggered by unchecked inputs. Examples include injection vulnerabilities (such as SQL, command, LDAP, and XQuery injection attacks), resource allocation vulnerabilities (which cause the application to request excessive resources), and numeric overflow and underflow vulnerabilities.

A central goal of the project is to develop an efficient taint tracer that can detect when an unchecked input value appears at a potential vulnerability site. For example, the application may use an input field directly as a parameter at a memory allocation site without checking that the value in the field is reasonably small (so that the application can perform the allocation successfully). When the taint tracer detects such a value, it consults a configurable security policy to determine what action to take to eliminate the vulnerability and, ideally, enable the application to continue to execute.
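The following Java sketch is an added illustration of the mechanism described above; it is not code from the VIBRANCE project. Values read from an unchecked source carry a taint flag, the flag survives an intermediate parsing step, and the allocation sink consults a per-sink policy that decides whether to abort or to clamp the size and let the application continue. The `Tainted` wrapper, the `Sink` and `Action` enums, and the `MAX_ALLOC` limit are assumptions made for this example.

```java
import java.util.EnumMap;
import java.util.Map;
/** Minimal sketch of dynamic taint tracking with a policy-driven sink check (example, not VIBRANCE code). */
public class TaintDemo {
    /** A value together with a flag saying it derives from unchecked input. */
    static final class Tainted<T> {
        final T value;
        final boolean tainted;
        Tainted(T value, boolean tainted) { this.value = value; this.tainted = tainted; }
    }

    enum Sink { ALLOCATION, SQL_QUERY }               // vulnerability sites the policy knows about
    enum Action { ABORT, SANITIZE, LOG_AND_CONTINUE }  // what to do when a tainted value fails a sink check

    /** Configurable policy: one action per sink (assumed layout). */
    static final Map<Sink, Action> POLICY = new EnumMap<>(Sink.class);
    static {
        POLICY.put(Sink.ALLOCATION, Action.SANITIZE);  // clamp the size and keep running
        POLICY.put(Sink.SQL_QUERY, Action.ABORT);      // refuse to build the query
    }

    /** Source: anything read from the request is tainted. */
    static Tainted<String> readRequestField(String raw) { return new Tainted<>(raw, true); }

    /** Propagation: parsing a tainted string yields a tainted integer. */
    static Tainted<Integer> parseInt(Tainted<String> s) {
        return new Tainted<>(Integer.parseInt(s.value), s.tainted);
    }

    static final int MAX_ALLOC = 1 << 20;  // largest size the policy considers reasonable (assumed)

    /** Sink: allocation size. Untainted or small values pass; tainted oversized ones go to the policy. */
    static byte[] allocate(Tainted<Integer> size) {
        int n = size.value;
        if (size.tainted && n > MAX_ALLOC) {
            switch (POLICY.get(Sink.ALLOCATION)) {
                case ABORT: throw new SecurityException("tainted allocation size " + n);
                case SANITIZE: n = MAX_ALLOC; break;
                case LOG_AND_CONTINUE: System.err.println("warning: tainted size " + n); break;
            }
        }
        return new byte[n];
    }

    public static void main(String[] args) {
        byte[] buf = allocate(parseInt(readRequestField("2000000000")));  // constructed request value
        System.out.println("allocated " + buf.length + " bytes");           // clamped under SANITIZE
    }
}
```

Switching the `ALLOCATION` entry to `ABORT` makes the same input raise a `SecurityException` instead, which is the kind of per-site choice the configurable policy is meant to expose.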

The taint tracer combines precise dynamic taint tracing with static analysis to reduce the tracing overhead. By statically tracking the flow of values through the program, the static analysis makes it possible to eliminate intermediate dynamic taint propagation steps (and therefore the overhead otherwise associated with these steps). The goal is a taint tracer with overhead small enough for routine production use (existing taint tracers are used almost exclusively for testing or debugging).