Practical Dynamic Taint Tracking for Exploiting Input Sanitization Error in Java Applications

Abstract

Errors in the sanitization of user inputs lead to serious security vulnerabilities. Many applications contain such errors, making them vulnerable to input sanitization exploits. Therefore, internet worms via exploiting vulnerabilities in applications infect hundreds of thousands of users in a matter of short time, causing hundreds of millions of dollars in damages. To successfully counter internet worm attacks, we need automatic detection and defense mechanisms. First, we need automatic detection mechanisms that can detect runtime attacks for vulnerabilities. A disclosure mechanism should be simple to deploy, resulting in few false positives and few false negatives. In this paper we present Tainer, an automatic dynamic taint analysis framework to detect and generate exploits for sanitization based vulnerabilities for Java web applications. Particularly, our method is based on tracking the flow of taint information from untrusted input the application sensitive methods (such as console, file, network, database or another program). Our proposed framework is portable, quick, accurate, and does not need the source code of applications. We demonstrate the usefulness of the framework by detecting several zero-day actual vulnerabilities in popular Java applications.