NodeMedic: End-to-end analysis of Node.js vulnerabilities with provenance graphs
Packages in the Node.js ecosystem often suffer from serious vulnerabilities such as arbitrary command injection and code execution. Existing taint analysis tools fall short in providing an end-to-end infrastructure for automatically detecting and triaging these vulnerabilities. We develop NodeMedic,...
Main Authors: | , , |
---|---|
Format: | text |
Language: | English |
Published: | Institutional Knowledge at Singapore Management University, 2023 |
Subjects: | |
Online Access: | https://ink.library.smu.edu.sg/sis_research/8094 https://ink.library.smu.edu.sg/context/sis_research/article/9097/viewcontent/nodemedic_eurosp23_av.pdf |
Institution: | Singapore Management University |
id |
sg-smu-ink.sis_research-9097 |
---|---|
record_format |
dspace |
spelling |
sg-smu-ink.sis_research-90972023-09-07T07:24:23Z NodeMedic: End-to-end analysis of Node.js vulnerabilities with provenance graphs CASSEL, Darion WONG, Wai Tuck JIA, Limin Packages in the Node.js ecosystem often suffer from serious vulnerabilities such as arbitrary command injection and code execution. Existing taint analysis tools fall short in providing an end-to-end infrastructure for automatically detecting and triaging these vulnerabilities. We develop NodeMedic, an end-to-end analysis infrastructure that automates test driver creation, performs precise yet scalable dynamic taint propagation via algorithmically tuned propagation policies, and exposes taint provenance information as a provenance graph. Using provenance graphs we develop two post-detection analyses: automated constraint-based exploit synthesis to confirm vulnerabilities; Attack-defense-tree-based rating of flow exploitability. We demonstrate the effectiveness of NodeMedic through a large-scale evaluation of 10,000 Node.js packages. Our evaluation uncovers 155 vulnerabilities, of which 152 are previously undisclosed, and 108 were confirmed with automatically synthesized exploits. We have open-sourced NodeMedic and a suite of 589 taint precision unit tests. 2023-07-01T07:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/8094 info:doi/10.1109/EuroSP57164.2023.00068 https://ink.library.smu.edu.sg/context/sis_research/article/9097/viewcontent/nodemedic_eurosp23_av.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Analysis tools Code execution Command injections Constraint-based Tree-based Software Engineering |
institution |
Singapore Management University |
building |
SMU Libraries |
continent |
Asia |
country |
Singapore Singapore |
content_provider |
SMU Libraries |
collection |
InK@SMU |
language |
English |
topic |
Analysis tools Code execution Command injections Constraint-based Tree-based Software Engineering |
spellingShingle |
Analysis tools Code execution Command injections Constraint-based Tree-based Software Engineering CASSEL, Darion WONG, Wai Tuck JIA, Limin NodeMedic: End-to-end analysis of Node.js vulnerabilities with provenance graphs |
description |
Packages in the Node.js ecosystem often suffer from serious vulnerabilities such as arbitrary command injection and code execution. Existing taint analysis tools fall short in providing an end-to-end infrastructure for automatically detecting and triaging these vulnerabilities. We develop NodeMedic, an end-to-end analysis infrastructure that automates test driver creation, performs precise yet scalable dynamic taint propagation via algorithmically tuned propagation policies, and exposes taint provenance information as a provenance graph. Using provenance graphs we develop two post-detection analyses: automated constraint-based exploit synthesis to confirm vulnerabilities; Attack-defense-tree-based rating of flow exploitability. We demonstrate the effectiveness of NodeMedic through a large-scale evaluation of 10,000 Node.js packages. Our evaluation uncovers 155 vulnerabilities, of which 152 are previously undisclosed, and 108 were confirmed with automatically synthesized exploits. We have open-sourced NodeMedic and a suite of 589 taint precision unit tests. |
format |
text |
author |
CASSEL, Darion WONG, Wai Tuck JIA, Limin |
author_facet |
CASSEL, Darion WONG, Wai Tuck JIA, Limin |
author_sort |
CASSEL, Darion |
title |
NodeMedic: End-to-end analysis of Node.js vulnerabilities with provenance graphs |
title_short |
NodeMedic: End-to-end analysis of Node.js vulnerabilities with provenance graphs |
title_full |
NodeMedic: End-to-end analysis of Node.js vulnerabilities with provenance graphs |
title_fullStr |
NodeMedic: End-to-end analysis of Node.js vulnerabilities with provenance graphs |
title_full_unstemmed |
NodeMedic: End-to-end analysis of Node.js vulnerabilities with provenance graphs |
title_sort |
nodemedic: end-to-end analysis of node.js vulnerabilities with provenance graphs |
publisher |
Institutional Knowledge at Singapore Management University |
publishDate |
2023 |
url |
https://ink.library.smu.edu.sg/sis_research/8094 https://ink.library.smu.edu.sg/context/sis_research/article/9097/viewcontent/nodemedic_eurosp23_av.pdf |
_version_ |
1779157152823246848 |