Benjamin Davis, Hao Chen
University of California, Davis
Web services are highly attractive targets
◦ Over 60% of attacks target Web applications
◦ Over 80% of vulnerabilities found are in Web applications
(From SANS 2009 Top Cyber Security Risks)
Page template with a placeholder for user content:
<h1>Latest Comment</h1><p>
{User Content}
</p>

Benign user content:
<h1>Latest Comment</h1><p>
This is <b>great!</b></p>

Malicious user content (stored XSS):
<h1>Latest Comment</h1><p>
<script>steal(document.cookie);
</script></p>
Information Flow Tracking System
[Figure: tainted input (!) enters the application, the taint propagates with the data through the application, and tainted data reaching the output is blocked (X)]
Language-based "taint mode"
◦ Perl
◦ Ruby
Adding support to language structures
◦ Java [Chin, Wagner 09]
◦ PHP [Venema]
Information Flow Tracking System
[Figure: Web application with input, output, database interface and database. Tainted data (!) flows from the input through the Web application and database interface into the database; when it is read back out through the database interface, its taint status is unknown (?)]
What if you have multiple applications?
How to treat data from the database?
◦ All tainted -> false positives
◦ All untainted -> false negatives
◦ Require manual annotation?
◦ Application-specific decisions?
Taint tracking through the entire system
◦ [Asbestos, 05]
◦ [HiStar, 06]
Implemented in
◦ Hardware
◦ OS
◦ VMM/emulator
[Figure: with system-wide tracking, tainted data (!) stays tracked through the database interface and database and back out to the Web application]
Low level/fine granularity
◦ Hardware mechanism [Suh, Lee, Devadas 04]
◦ Minos [Crandall, Chong, 04]
Lacks high-level database semantics
◦ Aggregate functions
◦ Comparisons, SELECT DISTINCT
End-to-end taint tracking
◦ Across Web applications and databases
Leverage existing single-application information flow tracking engines
Compatible with existing Web services
◦ Require no changes to Web applications
Taint propagation through database functions
[Figure: Web Application -> DB Interface -> SQL -> Database Engine. A single-application information flow engine covers the Web application; DBTaint covers the DB interface and the database engine]
Store taint data in database composite types
◦ Tuple of form: (<value>, <taint_value>)
Store/retrieve taint values via SQL
◦ No additional mechanisms needed in the database
◦ No change to underlying database data structures

Before DBTaint:
Id   Status
19   'closed'
27   'open'
32   'pending'

With DBTaint:
Id        Status
(19, 0)   ('closed', 1)
(27, 0)   ('open', 1)
(32, 0)   ('pending', 1)
Create functions that operate on composite types
◦ Comparison operators (=, !=, <, …)
◦ Arithmetic operations (+, -, …)
◦ Text operations (upper, lower, …)
◦ Aggregate functions (MAX, MIN, SUM, …)
Functions implemented in SQL
◦ CREATE FUNCTION
◦ CREATE OPERATOR
◦ CREATE AGGREGATE
Arithmetic operations
(4, 0) + (5, 1) = (9, 1)
untainted + tainted = tainted
MAX
{(2, 0), (3, 1), (5, 0)} = (5, ?)
(untainted, tainted, untainted)
Untainted: trusted source
◦ Web application defaults
◦ Values generated entirely by the Web application
Tainted: from untrusted source, or unknown
◦ User input
Explicit information flow
◦ Database returns untainted value only if database has received that value untainted
MAX
{(2, 0), (3, 1), (5, 0)} = (5, 0)
(untainted, tainted, untainted) -> untainted
Equality
(3, 0) = (3, 1) ?   (untainted, tainted)
3 == 3
(3, 0) == (3, 1)
Adopt notion of backwards-compatibility [Chin, Wagner 09]
MAX
{(5, 1), (5, 0)} = (5, ?)   (tainted, untainted)
{5, 5} = 5   (either 5 could be returned)
{(5, 1), (5, 0)} = (5, 0)
When possible, prefer to return untainted values
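The composite type, operators and aggregate of slides 31 to 48, written out as an added PostgreSQL example. This is not DBTaint's own code: the type name tainted_int, the function names, the use of GREATEST to combine taint bits and the 0/1 taint encoding are my assumptions; PostgreSQL is the database the talk targets.

```sql
-- Added example, not DBTaint's code. A (value, taint) composite type with
-- taint-propagating arithmetic, backwards-compatible comparison and a MAX
-- aggregate that prefers untainted values on ties. Names are assumptions.
CREATE TYPE tainted_int AS (val integer, taint integer);  -- taint: 0 untainted, 1 tainted

-- Arithmetic: the result is tainted if either operand is tainted.
CREATE FUNCTION tainted_int_add(tainted_int, tainted_int) RETURNS tainted_int
LANGUAGE SQL IMMUTABLE STRICT AS $$
  SELECT ROW(($1).val + ($2).val, GREATEST(($1).taint, ($2).taint))::tainted_int
$$;
CREATE OPERATOR + (LEFTARG = tainted_int, RIGHTARG = tainted_int,
                   FUNCTION = tainted_int_add);   -- PROCEDURE = ... on PostgreSQL < 11

-- Backwards-compatible comparison [Chin, Wagner 09]: compare values only,
-- so (3, 0) = (3, 1) holds and the application's WHERE clauses keep working.
CREATE FUNCTION tainted_int_eq(tainted_int, tainted_int) RETURNS boolean
LANGUAGE SQL IMMUTABLE STRICT AS $$ SELECT ($1).val = ($2).val $$;
CREATE OPERATOR = (LEFTARG = tainted_int, RIGHTARG = tainted_int,
                   FUNCTION = tainted_int_eq, COMMUTATOR = =);

CREATE FUNCTION tainted_int_gt(tainted_int, tainted_int) RETURNS boolean
LANGUAGE SQL IMMUTABLE STRICT AS $$ SELECT ($1).val > ($2).val $$;
CREATE OPERATOR > (LEFTARG = tainted_int, RIGHTARG = tainted_int,
                   FUNCTION = tainted_int_gt);

-- MAX over tainted values. The aggregate state is the best tuple seen so
-- far: a larger value always wins; on a tie the untainted tuple wins
-- ("when possible, prefer to return untainted values"). STRICT with no
-- INITCOND makes the first input row the initial state.
CREATE FUNCTION tainted_int_max_step(tainted_int, tainted_int) RETURNS tainted_int
LANGUAGE SQL IMMUTABLE STRICT AS $$
  SELECT CASE
    WHEN ($2).val > ($1).val THEN $2
    WHEN ($2).val = ($1).val AND ($2).taint < ($1).taint THEN $2
    ELSE $1
  END
$$;
-- Overloads the built-in max() by argument type, so application SQL that
-- says MAX(column) needs no change once the column is a tainted_int.
CREATE AGGREGATE max(tainted_int) (SFUNC = tainted_int_max_step, STYPE = tainted_int);

-- The slides' cases, with constructed inputs.
SELECT ROW(4, 0)::tainted_int + ROW(5, 1)::tainted_int AS sum_of_tainted;
SELECT ROW(3, 0)::tainted_int = ROW(3, 1)::tainted_int AS eq_ignores_taint;
SELECT max(v) FROM (VALUES (ROW(2, 0)::tainted_int),
                           (ROW(3, 1)::tainted_int),
                           (ROW(5, 0)::tainted_int)) AS t(v);
SELECT max(v) FROM (VALUES (ROW(5, 1)::tainted_int),
                           (ROW(5, 0)::tainted_int)) AS t(v);
```

Run in psql, the four queries reproduce the slides' results: the sum is (9,1), the equality test is true, the three-element MAX is (5,0), and the tied MAX returns (5,0) rather than (5,1). Note that the `=` and `>` operators deliberately return a plain boolean with no taint attached; a taint-carrying comparison would force the result of every WHERE clause to be re-derived, which is exactly the backwards-compatibility problem the slides cite.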
Without DBTaint:
Database Table
Id   Status
19   'closed'
27   'open'
32   'pending'
WebApp: x = DB.get(id=27)
WebApp -> DB Interface -> Database Table
WebApp receives: x = "open"
With DBTaint:
Database Table
Id        Status
(19, 0)   ('closed', 1)
(27, 0)   ('open', 1)
(32, 0)   ('pending', 1)
WebApp: x = DB.get(id=27)
DB Interface (DBTaint): rewritten query -> Database Table
Database Table -> DB Interface (DBTaint): result tuples
DB Interface (DBTaint): collapse tuples and taint appropriately
WebApp receives: x = "open" // x is tainted
Account for composite types in SQL queries
Collapse and taint result tuples as needed
These changes are:
◦ Transparent to web application (web application unchanged)
◦ High-level, portable
[Figure: Web application unchanged; DBTaint sits in the DB interface in front of the DB]
Parameterized queries
Prepare:
◦ INSERT … (id, status) VALUES (?, ?)
◦ // with DBTaint:
◦ INSERT … (id, status) VALUES (ROW(?, ?), ROW(?, ?))
Execute:
◦ (27, 'open') // 27 is untainted, 'open' is tainted
◦ // with DBTaint:
◦ (27, 0, 'open', 1)

Prepare phase:
◦ Queries are passed with placeholders for data
Execute phase:
◦ Data values are passed separately, independently
Taint tracking engine requirement:
◦ Only need to track taint values per variable
We handle non-parameterized queries too
◦ See paper for details
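The interface-side rewriting of slides 49 to 64 (the INSERT with ROW(?, ?) placeholders, the doubled parameter list, and the SELECT whose result tuples the interface collapses and re-taints), as an added PostgreSQL example. This is not DBTaint's code: the table name tickets, the type names, and the use of PREPARE/EXECUTE to stand in for the DBI/JDBC prepare and execute calls are my assumptions. The rewritten WHERE clause here compares the value field directly; that is a simplification of DBTaint, which keeps the application's `= ?` and relies on a value-only `=` operator defined on the composite type.

```sql
-- Added example, not DBTaint's code. Names (tickets, tainted_int,
-- tainted_text) are assumptions; PREPARE/EXECUTE stand in for the DBI/JDBC
-- prepare and execute calls that the DBTaint interface layer intercepts.
CREATE TYPE tainted_int  AS (val integer, taint integer);  -- taint: 0 untainted, 1 tainted
CREATE TYPE tainted_text AS (val text,    taint integer);

-- Every application column becomes a (value, taint) composite.
CREATE TABLE tickets (id tainted_int, status tainted_text);

-- Application prepares:   INSERT INTO tickets (id, status) VALUES (?, ?)
-- DBTaint rewrites each placeholder to ROW(?, ?) and doubles the parameter
-- list, so the taint value of each bound variable travels with it.
PREPARE ins(integer, integer, text, integer) AS
  INSERT INTO tickets (id, status)
  VALUES (ROW($1, $2)::tainted_int, ROW($3, $4)::tainted_text);

-- Application executes with (27, 'open'): 27 was generated by the
-- application (untainted), 'open' came from user input (tainted).
-- DBTaint executes with (27, 0, 'open', 1). Constructed sample rows:
EXECUTE ins(19, 0, 'closed',  1);
EXECUTE ins(27, 0, 'open',    1);
EXECUTE ins(32, 0, 'pending', 1);

-- Application prepares:   SELECT status FROM tickets WHERE id = ?
-- DBTaint rewrites the projection so each result column comes back as a
-- (value, taint) pair. The interface then collapses each pair into the one
-- value the application expects and marks it tainted when taint = 1; this
-- is how x = DB.get(id=27) hands the application a tainted "open".
-- Simplification (my choice): the WHERE clause compares the value field
-- directly instead of going through a value-only = operator on tainted_int.
PREPARE get_status(integer) AS
  SELECT (status).val AS status, (status).taint AS status_taint
  FROM tickets WHERE (id).val = $1;

EXECUTE get_status(27);
```

The application never sees the composite types: its prepared statement text and its bound values are exactly what they were before, and the only place that knows about the extra taint parameters is the interface layer. This is also why the single-application engine only has to report taint per variable (slide 64): each bound variable becomes one value parameter plus one taint parameter.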
Leverage existing single-application information flow tracking systems
No changes to Web application
[Figure: Web Application covered by single-application information flow; DB Interface covered by DBTaint]
Languages
◦ Perl
◦ Java
Database Interfaces
◦ Perl DataBase Interface (DBI)
◦ Java Database Connectivity (JDBC)
Database
◦ PostgreSQL
RT: Request Tracker (ticket tracking system)
◦ 60,000+ lines of Perl
◦ Perl DBI (DataBase Interface) API
◦ Perl taint mode
JForum (discussion board system)
◦ 30,000+ lines of Java
◦ Java Database Connectivity (JDBC) API
◦ Character-level taint engine [Chin, Wagner 09]
Cross-application information flow tracking
Persistent taint tracking
Multiple Web applications, multiple databases
End-to-end information flow through Web services
Compatible with existing Web services
◦ Requires no changes to Web applications
Taint propagation through database functions