SaTC: CORE: Small: Studying and Measuring the Consequence of Prototype Pollution Vulnerabilities Automatically via Joint Taintflow Analysis
Johns Hopkins University, Baltimore MD
Investigators
Abstract
Prototype pollution is a relatively new type of vulnerability that was discovered in 2018. State-of-the-art works all focus on prototype pollution itself but not the follow-up influence, which we call further consequences in this project. Although people understand that prototype pollution may lead to some consequences such as overwriting critical variables, it remains unclear what a list of possible consequences could be and more importantly how prevalent they are in the real world. This greatly limits people’s understanding of prototype pollution: They often do not take prototype pollution seriously because they think it is a "theoretical" vulnerability, which may not have a severe consequence as other web vulnerabilities. In this project, an automated framework on a novel joint taint-flow analysis is designed to systematically study and measure further consequences of prototype pollution vulnerabilities in the real world. Specifically, such an analysis connects different taint-flows based on object lookup and assignment statements. The project will answer three fundamental questions in prototype pollution, i.e., (i) where to inject/alter a property, (ii) what property to pollute, and (iii) what value to inject. For example, a Cross-site Scripting (XSS) consequence depends on the answer to the question (iii) and the corresponding joint taint-flow: The taint goes into the value of a polluted property belonging to a polluted object as an en-route stop, and then finally to a traditional XSS sink like eval. This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
View original record on NSF Award Search →