The idea is to (somehow) add metadata to the java.lang.String object so that an App (or API) can taint a string (i.e. mark it as 'potentially malicious') and modify that App/API's behaviour based on the taint information (for example, "don't execute an SQL statement if its SQL command string is tainted").
There is still a lot of thinking that needs to happen on this idea, and we are currently in the 'pre-PoC' stage.
Steven and I are going to try to document our ideas, and here are the first two from him:
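As an added sketch of what that metadata and the SQL-guard policy could look like (example code written for this post, not the project's or Steven's code, and a plain wrapper class rather than a change to java.lang.String): the hypothetical TaintedString keeps one taint flag per character, propagates it through concatenation, and only accepts an SQL string whose tainted characters sit inside single-quoted literals.

```java
import java.util.Arrays;
// Added example, not the post's code: per-character taint metadata for a string,
// plus the "refuse tainted SQL" check the post describes, made precise.
final class TaintedString {
    private final String value;
    private final boolean[] taint; // taint[i]: value.charAt(i) came from untrusted input
    private TaintedString(String value, boolean[] taint) {
        this.value = value;
        this.taint = taint;
    }
    // Developer-written text: nothing tainted.
    static TaintedString trusted(String s) {
        return new TaintedString(s, new boolean[s.length()]);
    }
    // Request data etc.: every character tainted.
    static TaintedString untrusted(String s) {
        boolean[] t = new boolean[s.length()];
        Arrays.fill(t, true);
        return new TaintedString(s, t);
    }
    // Taint propagates positionally through concatenation.
    TaintedString concat(TaintedString other) {
        boolean[] t = Arrays.copyOf(taint, taint.length + other.taint.length);
        System.arraycopy(other.taint, 0, t, taint.length, other.taint.length);
        return new TaintedString(value + other.value, t);
    }
    // Policy: tainted characters may only sit inside a single-quoted literal, and a
    // tainted quote (which would end the literal) is itself rejected.
    boolean isSafeSql() {
        boolean inLiteral = false;
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if (c == '\'') {
                if (taint[i]) return false;
                inLiteral = !inLiteral;
            } else if (taint[i] && !inLiteral) {
                return false;
            }
        }
        return true;
    }
    public static void main(String[] args) {
        TaintedString prefix = trusted("SELECT * FROM users WHERE name = '");
        TaintedString benign = prefix.concat(untrusted("alice")).concat(trusted("'"));
        TaintedString attack = prefix.concat(untrusted("x' OR '1'='1")).concat(trusted("'"));
        System.out.println("benign query safe: " + benign.isSafeSql());
        System.out.println("injected query safe: " + attack.isSafeSql());
    }
}
```

The check deliberately only understands single-quoted literals; comments, double-quoted identifiers and dialect-specific escapes would need the real tokenizer that the character-level papers below build.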
- It starts with an idea
- Where to start
Here, for example, are a couple of interesting documents I quickly found by searching for 'Java tainted strings' on Google:
- Dynamic Taint Propagation for Java - ACSAC (pdf)
- Dynamic Taint Propagation - Black Hat (pdf)
- Efficient Character-level Taint Tracking for Java (pdf) and Efficient Character-level Taint Tracking for Java (pptx)