Towards a Taint Mode for Cloud Computing Web Applications

Luciano BelloAlejandro Russo

Cloud computing is generally understood to mean that data and computations are distributed somewhere over the Internet. Over the past years, there has been a steep increase on web sites using this technology. Unfortunately, those web sites are not exempted from the fact that injection flaws and cross-site scripting are two of the most common vulnerabilities. Taint analysis is an automatic approach to find and repair such vulnerabilities. Cloud computing platforms posses several features that, while facilitate the development of web applications, it make difficult the application of off-the-shelf taint analysis techniques. More specifically, several of the proposed taint analysis techniques do not deal with persistent storage (e.g., object datastores), opaque objects (i.e., objects which implementation cannot be accessed and thus tracking tainted data becomes a challenge), or a rich set of security policies (e.g., forcing a specific order of sanitizers to be applied). We propose a taint analysis for could computing web applications that considers datastore, opaque objects, and a set of rich and useful security policies. Rather than modifying interpreters or compilers, we provide taint analysis via a library for the cloud computing platform Google App Engine (GAE). To evaluate the use of our library, we harden an existing GAE web application against cross-site scripting attacks.

Categories and Subject Descriptors D.2.5 [Software Engineering]: Testing and Debugging; D.3.3 [Programming Languages]: Language Constructs and Features-Modules, packages
General Terms Security, Languages, Web Applications
Keywords Taint analysis, Cloud computing, Library

  • Towards a Taint Mode for Cloud Computing Web Applications, Luciano Bello and Alejandro Russo. In ACM SIGPLAN Workshop on Programming Languages and Analysis for Security, Beijing, China, June 2012.
  • running example
  • What's the running example

    The running example is explained in the Section 6 of the paper. It is based on the guestbook example from google-app-engine-samples, used by the Getting Started documentation.

    It had been tested with google_appengine v1.6.3 and Python 2.7.2, on Linux:

    It includes the taintmode library and other files. In summary,

    From the original guestbook example, without any modifications. The shorturl sanitizer, explained in Section 6.1 of the paper.
    From the original guestbook example, with some minimal modifications explained in Section 6.1 of the paper.
    taintmode/ The taintmode library itself.


    Download and unpack the tar file running example

    tar zxvf GAEtaintmode_example.tar.gz

    Download and unzip the Google App Engine SDK for Python v1.6.3 (the current stable version). Run the server with the guestbook application:

    ./google_appengine/ --clear_datastore guestbook