Publication Type
Conference Proceeding Article
Version
acceptedVersion
Publication Date
7-2023
Abstract
Packages in the Node.js ecosystem often suffer from serious vulnerabilities such as arbitrary command injection and code execution. Existing taint analysis tools fall short in providing an end-to-end infrastructure for automatically detecting and triaging these vulnerabilities. We develop NodeMedic, an end-to-end analysis infrastructure that automates test driver creation, performs precise yet scalable dynamic taint propagation via algorithmically tuned propagation policies, and exposes taint provenance information as a provenance graph. Using provenance graphs, we develop two post-detection analyses: automated constraint-based exploit synthesis to confirm vulnerabilities, and attack-defense-tree-based rating of flow exploitability. We demonstrate the effectiveness of NodeMedic through a large-scale evaluation of 10,000 Node.js packages. Our evaluation uncovers 155 vulnerabilities, of which 152 are previously undisclosed, and 108 were confirmed with automatically synthesized exploits. We have open-sourced NodeMedic and a suite of 589 taint precision unit tests.
Keywords
Analysis tools, Code execution, Command injections, Constraint-based, Tree-based
Discipline
Software Engineering
Publication
2023 8th IEEE European Symposium on Security and Privacy, Euro S and P: Delft, July 3-7: Proceedings
First Page
1101
Last Page
1127
ISBN
9781665465120
Identifier
10.1109/EuroSP57164.2023.00068
Publisher
IEEE
City or Country
Piscataway, NJ
Citation
CASSEL, Darion; WONG, Wai Tuck; and JIA, Limin.
NodeMedic: End-to-end analysis of Node.js vulnerabilities with provenance graphs. (2023). 2023 8th IEEE European Symposium on Security and Privacy, Euro S and P: Delft, July 3-7: Proceedings. 1101-1127.
Available at: https://ink.library.smu.edu.sg/sis_research/8094
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.