VALID 2019, The Eleventh International Conference on Advances in System Testing and Validation Lifecycle


A Taint Analyzer for COBOL Programs

Authors:
Alberto Lovato
Roberto Giacobazzi
Isabella Mastroeni

Keywords: Taint analysis; Injection attacks; Information leakage; COBOL.

Abstract:
The potential damage that injection attacks or information leakage can inflict on an organization is huge. It is therefore important to recognize vulnerabilities in software that can make these attacks possible. We are implementing a static analysis that tracks propagation of tainted values through a COBOL-85 program. This analysis is part of an already developed static analyzer performing many syntactic checks and a semantic interval analysis. It can be used to find untrusted values ending in dangerous places, for example executed as database queries, or to verify that sensitive information coming from a database is not displayed to the user.

Pages: 18 to 23

Copyright: Copyright (c) IARIA, 2019

Publication date: November 24, 2019

Published in: conference

ISSN: 2308-4316

ISBN: 978-1-61208-755-9

Location: Valencia, Spain

Dates: from November 24, 2019 to November 28, 2019