Title :
String-Wise Information Flow Tracking against Script Injection Attacks
Author :
Li, Kunbo ; Shioya, Ryota ; Goshima, Masahiro ; Sakai, Shuichi
Author_Institution :
Grad. Sch. of Inf. Sci. & Technol., Univ. of Tokyo, Tokyo, Japan
Abstract :
Web application security is threatened by script injection attacks. Dynamic taint propagation (DTP) and dynamic information flow tracking (DIFT) are established techniques for detecting such attacks, but current DTP/DIFT systems still suffer from a tradeoff between false positives and false negatives. This paper proposes string-wise information flow tracking (SWIFT). SWIFT traces the memory accesses of a program's execution, detects string accesses, and distinguishes string operations from other memory accesses. Whereas current DTP/DIFT systems propagate taint from source operands to destination operands instruction by instruction, SWIFT propagates taint at the granularity of string operations. This gives SWIFT better accuracy than current DTP/DIFT systems when detecting script injection attacks. We implemented SWIFT on the IA-32 emulator Bochs, executed typical string operations, and launched injection attacks against real-world Web applications with known vulnerabilities. In these security experiments SWIFT showed high precision.
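The string-wise propagation idea in the abstract, as an added toy model written for this record (it is not the authors' SWIFT code, which is a Bochs IA-32 emulator extension). The model assumes a per-byte shadow taint map, a handful of explicitly recognised string operations (copy, concatenation, upper-casing, HTML escaping), and a sink that reports a tainted HTML-structural byte as a script injection. The upper-casing-through-lookup-table case is a standard DIFT under-tainting scenario added here for contrast with per-operand propagation; the abstract does not describe that specific case, and all names below are hypothetical.

```python
"""Toy string-wise taint tracking against script injection.

Added illustration, NOT the paper's SWIFT implementation. Assumptions (not
from the abstract): taint is a per-byte shadow map, the string operations
below are recognised by name, and the sink treats a tainted HTML-structural
byte as a script-injection attempt.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class TStr:
    """A byte string plus its shadow taint map (one flag per byte)."""
    data: bytes
    taint: tuple

    def __post_init__(self):
        assert len(self.data) == len(self.taint)


def untrusted(data: bytes) -> TStr:
    """Taint source: every byte that came from the request is tainted."""
    return TStr(data, (True,) * len(data))


def literal(data: bytes) -> TStr:
    """Program constant (template text): untainted."""
    return TStr(data, (False,) * len(data))


# --- string operations: taint is propagated for the whole string ----------
def concat(a: TStr, b: TStr) -> TStr:
    return TStr(a.data + b.data, a.taint + b.taint)


def substr(s: TStr, start: int, end: int) -> TStr:
    return TStr(s.data[start:end], s.taint[start:end])


# ASCII upper-casing through a 256-entry lookup table, the way libc's
# toupper() is commonly implemented.
_UPPER = bytes(c - 32 if 97 <= c <= 122 else c for c in range(256))


def upper_operandwise(s: TStr) -> TStr:
    """Per-operand DIFT model: dst = table[src]. The loaded byte comes from
    untainted table memory, so the taint of src is not carried (the classic
    table-lookup under-tainting of instruction-level DIFT; a general DIFT
    limitation, not a claim taken from the abstract)."""
    out = bytes(_UPPER[c] for c in s.data)
    return TStr(out, (False,) * len(out))


def upper_stringwise(s: TStr) -> TStr:
    """String-wise model: the whole loop is recognised as one string
    operation on s, so each output byte inherits its input byte's taint."""
    out = bytes(_UPPER[c] for c in s.data)
    return TStr(out, s.taint)


_ESCAPES = {ord("&"): b"&amp;", ord("<"): b"&lt;", ord(">"): b"&gt;",
            ord('"'): b"&quot;", ord("'"): b"&#39;"}


def html_escape(s: TStr) -> TStr:
    """Sanitiser as a string operation: expands active characters; every
    byte of an expansion inherits the taint of the byte it replaced."""
    data, taint = b"", ()
    for c, t in zip(s.data, s.taint):
        rep = _ESCAPES.get(c, bytes([c]))
        data += rep
        taint += (t,) * len(rep)
    return TStr(data, taint)


HTML_STRUCTURAL = frozenset(b"<>\"'")


def tainted_structural_positions(s: TStr) -> list:
    """Sink check: offsets of tainted bytes that can change HTML structure."""
    return [i for i, (c, t) in enumerate(zip(s.data, s.taint))
            if t and c in HTML_STRUCTURAL]


def render(name: TStr, upper=upper_stringwise, escape=False) -> TStr:
    """A page fragment built from one request parameter (constructed sample):
    <p>Hello, NAME</p>, with NAME upper-cased and optionally escaped."""
    body = upper(name)
    if escape:
        body = html_escape(body)
    return concat(concat(literal(b"<p>Hello, "), body), literal(b"</p>"))


def detect(name_param: bytes, upper=upper_stringwise, escape=False) -> bool:
    """True if the rendered page still contains a tainted structural byte."""
    page = render(untrusted(name_param), upper, escape)
    return bool(tainted_structural_positions(page))


if __name__ == "__main__":
    payload = b"<script>alert(1)</script>"
    print("string-wise, unescaped  :", detect(payload))
    print("string-wise, escaped    :", detect(payload, escape=True))
    print("operand-wise, unescaped :", detect(payload, upper=upper_operandwise))
```

The three runs show the point of tracking at string granularity: the string-wise tracker flags the unescaped payload, stays quiet once the escaping string operation has removed the tainted delimiters, and does not lose the taint across the table-driven upper-casing loop, whereas the per-operand model silently drops it there and misses the attack.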
Keywords :
Internet; computer crime; computer network security; software reliability; IA-32 emulator Bochs; Web applications; dynamic information flow tracking; dynamic taint propagation; memory access; program execution; script injection attacks; security; string-wise information flow tracking; Application software; Computer architecture; Data security; Desktop publishing; Face detection; Information science; Information security; Internet; Power system security; Web server; DIFT; Dependable Architectures; Internet and WWW; Security; Software Reliability;
Conference_Titel :
15th IEEE Pacific Rim International Symposium on Dependable Computing (PRDC '09), 2009
Conference_Location :
Shanghai
Print_ISBN :
978-0-7695-3849-5
DOI :
10.1109/PRDC.2009.35