Sciweavers

SOSP
2009
ACM

Improving application security with data flow assertions

14 years 9 months ago
Improving application security with data flow assertions
RESIN is a new language runtime that helps prevent security vulnerabilities, by allowing programmers to specify application-level data flow assertions. RESIN provides policy objects, which programmers use to specify assertion code and metadata; data tracking, which allows programmers to associate assertions with application data, and to keep track of assertions as the data flow through the application; and filter objects, which programmers use to define data flow boundaries at which assertions are checked. RESIN’s runtime checks data flow assertions by propagating policy objects along with data, as that data moves through the application, and then invoking filter objects when data crosses a data flow boundary, such as when writing data to the network or a file. Using RESIN, Web application programmers can prevent a range of problems, from SQL injection and cross-site scripting, to inadvertent password disclosure and missing access control checks. Adding a RESIN assertion to...
Alexander Yip, Xi Wang, Nickolai Zeldovich, M. Fra
Added 17 Mar 2010
Updated 17 Mar 2010
Type Conference
Year 2009
Where SOSP
Authors Alexander Yip, Xi Wang, Nickolai Zeldovich, M. Frans Kaashoek
Comments (0)