DocumentCode
2372040
Title
PyXhon: Dynamic detection of security vulnerabilities in Python extensions
Author
Sun, Ming ; Gu, Dawu ; Li, Juanru ; Li, Bailan
Author_Institution
Dept. of Comput. Sci. & Eng., Shanghai Jiao Tong Univ., Shanghai, China
fYear
2012
fDate
23-25 March 2012
Firstpage
461
Lastpage
466
Abstract
The Python programming language supports third-party software extensions, which are important for software prototype development. This paper presents PyXhon, a security enhancement plug-in that detects security vulnerabilities and privacy leaks in third-party extensions. We propose Function Oriented Analysis, which developers use to monitor all function-call procedures; dynamic Byte Instruction Trace Analysis, which infers the behaviors of importing modules and accessing private DLLs; and security policies, which provide strategies to accept or reject extensions. These security mechanisms do not require Python language features, so they are completely transparent to Python applications. PyXhon can generate a violation report, which helps developers quickly locate and analyze suspect code in extensions. To demonstrate the usefulness of PyXhon, we analyzed more than 30 popular Python third-party extensions. Our experiments show that, apart from violations by some extensions, most third-party code respects resource privileges.
Keywords
data privacy; high level languages; object-oriented programming; program diagnostics; security of data; software prototyping; PyXhon; Python programming language; dynamic byte instruction trace analysis; dynamic detection; function oriented analysis; function-call procedure monitoring; importing module; privacy leak detection; private DLL; security enhancement plug-in; security policy; security vulnerability detection; software prototype development; third-party software extension; Computer languages; Context; Libraries; Monitoring; Privacy; Prototypes; Security;
fLanguage
English
Publisher
ieee
Conference_Titel
Information Science and Technology (ICIST), 2012 International Conference on
Conference_Location
Hubei
Print_ISBN
978-1-4577-0343-0
Type
conf
DOI
10.1109/ICIST.2012.6221690
Filename
6221690