Towards Fully Automatic Placement of Security Sanitizers and Declassifiers
A great deal of research on sanitizer placement, sanitizer correctness, checking path validity, and policy inference has been done in the last five to ten years, involving type systems, static analysis, and run-time monitoring and enforcement. However, in pretty much all work thus far, the burden of sanitizer placement has fallen on the developer. Sanitizer placement in large-scale applications is difficult, and developers are likely to make errors and thus create security vulnerabilities. This paper advocates a radically different approach: the authors aim to fully automate the placement of sanitizers by analyzing the flow of tainted data in the program. They argue that developers are better off leaving out sanitizers entirely instead of trying to place them.