Coursera Flash Sale
40% Off Coursera Plus for 3 Months!
Grab it
Explore a groundbreaking conference presentation introducing the first taint analysis approach specifically designed for multi-language web applications that combine JavaScript with WebAssembly modules. Learn about the innovative JASMaint system, which addresses critical security vulnerabilities in modern web applications through dynamic taint analysis across multiple programming languages including JavaScript, C, C++, and Rust compiled to WebAssembly. Discover how the novel analysis orchestrator component manages taint information exchange during interoperation between language-specific analyses, overcoming the limitations of traditional single-language approaches that rely on taint signatures or models derived from high-level source code. Understand the technical implementation based on source code instrumentation for both JavaScript and WebAssembly codebases, enabling deployment across all runtimes supporting these technologies. Examine comprehensive evaluation results demonstrating how this approach reduces overtainting by 0.003%–56.20% compared to over-approximating function model-based analyses, while analyzing the associated performance overhead factors of 1.14x–1.61x. Gain insights into addressing the scalability challenges posed by continuously evolving WebAssembly modules that typically lack access to their original high-level source code, and explore the implications for program understanding and security attack prevention in multi-language web development environments.
