
Event-driven programs consist of event listeners that can be registered dynamically with different types of events. The order in which these events are triggered is, however, non-deterministic. This combination of dynamicity and non-determinism renders reasoning about event-driven applications difficult. For example, it is possible that only a particular sequence of events causes certain program behavior to occur. However, manually determining the event sequence from all possibilities is not a feasible solution. Tool support is in order.
We present a static analysis that computes a sound over-approximation of the behavior of an event-driven program. We use this analysis as the foundation for a tool that warns about potential leaks of sensitive information in event-driven Scheme programs. We innovate by presenting developers a regular expression that describes the sequence of events that must be triggered for the leak to occur. We assess precision, recall, and accuracy of the tool’s results on a set of benchmark programs that model the essence of security vulnerabilities found in the literature.
Original language: English
Title of host publication: Proceedings of the 10th European Lisp Symposium
Publisher: ACM
Pages: 80-87
Number of pages: 8
ISBN (Electronic): ISBN-13: 978-2-9557474-1-4
State: Published - 4 Apr 2017
Event: 10th European Lisp Symposium - Brussels, Belgium

Conference

Conference: 10th European Lisp Symposium
Abbreviated title: ELS17
Country: Belgium
City: Brussels
Period: 3/04/17 - 4/04/17

ID: 30354295