Wed 17 Jul 2019 14:50 - 15:10 at Epernay - Testing

Scala is a functional and object-oriented programming language designed to be concise and to compile to Java bytecode, so that a Scala application can be executed on a Java Virtual Machine (JVM). Scala's designers claim that using static types in Scala helps avoid bugs in complex Scala applications. However, recently discovered vulnerabilities in Scala applications cast doubt on this claim. Therefore, in this work, we introduce TaintSpy, a runtime vulnerability indicator based on dynamic taint analysis of Scala applications. Our proposed framework can identify security vulnerabilities without requiring the source code of applications. We demonstrate the usefulness of our framework by identifying and reporting several security vulnerabilities, such as Remote Code Execution (RCE), memory corruption, DoS, SQL injection and XSS, in standard Scala frameworks (e.g., Lift, Akka and Spray).

Wed 17 Jul

13:30 - 15:10: Scala 2019 - Testing at Epernay

13:30 - 14:00 Short-paper
Konstantin Läufer (Loyola University Chicago), John O'Sullivan (Loyola University Chicago), George K. Thiruvathukal (Loyola University Chicago and Argonne National Laboratory)

14:00 - 14:30 Short-paper
Jonas De Bleser (Software Languages Lab, Vrije Universiteit Brussel), Dario Di Nucci (Vrije Universiteit Brussel), Coen De Roover (Vrije Universiteit Brussel)

14:30 - 14:50 Talk
Jonas De Bleser (Software Languages Lab, Vrije Universiteit Brussel)

14:50 - 15:10 Talk
Mohammadreza Ashouri (University of Potsdam, Germany)