Summary
Dynamic taint tracking is a widely used technique for detecting security vulnerabilities such as injection attacks and information leaks, but its application to managed runtime languages like JavaScript and Java presents unique challenges due to dynamic dispatch and automatic memory management. We present a taint tracking system for managed runtime environments that overcomes these challenges through a combination of runtime instrumentation and flow-sensitive shadow memory. Our system tracks taint propagation through complex operations including string manipulation, object serialization, and callback invocation. We evaluate the system on a benchmark suite of web application vulnerabilities, achieving a 94% detection rate for injection vulnerabilities with a 15% runtime overhead.
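As an added illustration (not the paper's system), a miniature JavaScript taint tracker that keeps source labels in shadow storage and propagates them through the three operation classes named above (string concatenation and slicing, JSON serialization, callback invocation) before checking them at a sink; every function name, label and demo input here is constructed.

```javascript
// Added illustration (hypothetical names, not the paper's code): a miniature dynamic taint tracker.
// Labels live in shadow storage beside each value; strings are wrapped since primitives can't key a WeakMap.
const shadow = new WeakMap(); // object -> Set of source labels
class TaintedString {
  constructor(value, labels) { this.value = value; this.labels = new Set(labels); }
  toString() { return this.value; }
}
// Mark a string or object as coming from an untrusted source (for example an HTTP parameter).
function taint(value, source) {
  if (typeof value === 'string') return new TaintedString(value, [source]);
  shadow.set(value, new Set([...(shadow.get(value) || []), source]));
  return value;
}
// Labels attached to a value; untracked values carry none.
function labelsOf(v) {
  return v instanceof TaintedString ? v.labels : (v !== null && typeof v === 'object' && shadow.get(v)) || new Set();
}
const union = (...vs) => new Set(vs.flatMap(v => [...labelsOf(v)]));
// String manipulation: the result inherits the labels of every operand.
const concat = (...parts) => new TaintedString(parts.map(String).join(''), union(...parts));
const slice = (s, a, b) => new TaintedString(String(s).slice(a, b), labelsOf(s));
// Object serialization: labels of every nested field flow into the JSON string.
function serialize(obj) {
  const acc = new Set(labelsOf(obj));
  const json = JSON.stringify(obj, (key, v) => {
    labelsOf(v).forEach(l => acc.add(l));
    return v instanceof TaintedString ? v.value : v;
  });
  return new TaintedString(json, acc);
}
// Callback invocation: a plain-string result (taint dropped by a native method) is relabeled with the argument labels.
function invoke(cb, ...args) {
  const result = cb(...args);
  return typeof result === 'string' ? new TaintedString(result, union(...args)) : result;
}
// Sink check: report which untrusted sources reach a sensitive operation.
function checkSink(sink, v) {
  const sources = [...labelsOf(v)];
  return { sink, tainted: sources.length > 0, sources };
}
// Constructed demo: a query parameter passes through a callback, a slice and JSON serialization on its way to two sinks.
function demo() {
  const user = taint('alice', 'http.query.user');
  const upper = invoke(u => String(u).toUpperCase(), user);
  const body = serialize({ name: slice(user, 0, 3), note: 'constant' });
  return {
    sql: checkSink('sql.query', concat("SELECT * FROM t WHERE u='", upper, "'")),
    response: checkSink('http.response', body), safe: checkSink('http.response', 'static text'),
  };
}
```

The `invoke` rule is deliberately conservative: relabeling every plain-string callback result with its arguments' labels avoids missed flows at the cost of some over-tainting, which is the usual precision trade-off when native methods are not instrumented.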