Don’t let data Go astray
Don't let data Go astray
A Context-Sensitive Taint Analysis for Concurrent Programs in Go
Volker Stolz
Bergen University College, Norway & University of Oslo, Norway
28th Nordic Workshop on Programming Theory (NWPT'16) 1st November 2016
Supported by the bilateral Norwegian/German project GoRETech -- Go Runtime Enforcement Techniques & EU COST Action IC1402 "ARVI -- Applied Runtime Verification"
Don't let data Go astray
Violet Ka I Pun Martin Steffen Volker Stolz Anna-Katharina Wickert Eric Bodden Michael Eichberg
Motivation
Taint analysis: data flow analysis Secure information flow Prevent untrusted/sensitive data from reaching sensitive locations Examples (the usual suspects):
? SQL injection (user input flows unfiltered into SQL query) ? leaks (clear-text password ending up in log/debugging output)
Volker Stolz
Don't let data Go astray
NWPT'16 1 / 20
The Go language
Backed by Google imperative (C-programmers should be able to read it) object-oriented (maybe. . . ) concurrent (goroutines) structurally typed garbage collected; dynamic race checker higher-order functions and closures
Volker Stolz
Don't let data Go astray
NWPT'16 2 / 20
What are methods?
procedures ? functions ? methods methods are "specific" functions Example: add1 / add2 not that much different from each other
type Number struct { n int } func add1 (x Number, y Number)
func (x Number) add2 (y Number) int { return x.n+y.n }
method function with special first argument f (o, v ) vs. o.f (v )
elsewhere often: special keyword for first argument: this (or self)
Volker Stolz
Don't let data Go astray
NWPT'16 3 / 20
................
................
In order to avoid copyright disputes, this page is only a partial summary.
To fulfill the demand for quickly locating and searching documents.
It is intelligent file search solution for home and business.
Related download
- section 10 edu
- language level concurrency support go
- table of contents
- cos418 precept 1 princeton university
- don t let data go astray
- automation of web application scanning with burp suite
- a multiparty homomorphic encryption library in go
- go eine moderne programmiersprache
- why you want to learn go jan seidl viruslab systems
- introductionto go and rpc in go home damon