Hybrid Taint Flow Analysis in Scala

摘要

Scala is an object-oriented and functional programming language, which has taken the developers community by storm. Also, given its multi-threading/multi-processing capabilities, Scala is widely used for developing enterprise applications. However, many programmers do not perform careful security code review due to the high cost of vulnerability testing or the lack of knowledge about security issues in the Scala ecosystem. Thus, this problem often results in publishing vulnerable and unstable applications in the market. In this paper we propose TainTagger, as an innovative approach that integrates static and dynamic analysis to diagnose vulnerabilities and zero-day attacks in Scala applications. We evaluated TainTagger from two perspectives: effectiveness and performance. Our results prove the advantage of our approach in comparison with related work.