Event-driven programs consist of event listeners that can be registered dynamically with different types of events. The order in which these events are triggered is, however, non-deterministic. This combination of dynamicity and non-determinism renders reasoning about event-driven applications difficult. For example, it is possible that only a particular sequence of events causes certain program behavior to occur. However, manually determining the event sequence from all possibilities is not a feasible solution. Tool support is in order.
We present a static analysis that computes a sound over-approximation of the behavior of an event-driven program. We use this analysis as the foundation for a tool that warns about potential leaks of sensitive information in event-driven Scheme programs. We innovate by presenting developers with a regular expression that describes the sequence of events that must be triggered for the leak to occur. We assess the precision, recall, and accuracy of the tool’s results on a set of benchmark programs that model the essence of security vulnerabilities found in the literature.
Original language: English
Title of host publication: Proceedings of the 10th European Lisp Symposium
Number of pages: 8
ISBN (Electronic): 978-2-9557474-1-4 (ISBN-13)
State: Published - 4 Apr 2017
Event: 10th European Lisp Symposium - Vrije Universiteit Brussel, Brussels, Belgium
Duration: 3 Apr 2017 to 4 Apr 2017


Conference: 10th European Lisp Symposium
Abbreviated title: ELS17

ID: 30354295