Efficient Instrumentation-Based Dynamic Taint Analysis for JavaScript

Project

Efficient Instrumentation-Based Dynamic Taint Analysis for JavaScript

Principal Investigator

Northeastern University

Oracle Principal Investigator

Alexander Jordan, Principal Researcher
Cristina Cifuentes, Vice President, Software Assurance
Francois Gauthier, Consulting Researcher

Summary

Injection vulnerabilities are nowadays commonly reported in Node.js web applications. While taint analysis is a powerful technique for finding such vulnerabilities, and dynamic taint tracking would be the obvious choice for implementing it in JavaScript, existing approaches that perform taint tracking for JavaScript are brittle, require extensive manual modelling, and fail to analyze even simple Node.js applications.

Many current approaches to dynamic taint analysis rely on the modification of the language runtime (a JavaScript engine or a browser), which limits the resulting analysis to a specific platform, and requires ongoing maintenance as the engine evolves. Instrumentation-based dynamic taint analysis for JavaScript is easier to maintain but has to overcome its own challenges, mainly robust and efficient instrumentation that can scale to complex Node.js applications.

This research project aims to make instrumentation-based dynamic taint analysis more practical and scalable. The project will use NodeProf, a JavaScript instrumentation framework for Node.js applications running on GraalVM, and explore novel techniques to minimize the amount of necessary instrumentation and thus reduce analysis overhead.