Compile-time Security Analysis and Optimization of Sensitive String Producers
Mike Samuel, Tom Palmer, Shaw Summa, Robert Grayson

TL;DR
This paper presents a framework for secure content composition in programming languages, enabling static analysis, efficient runtime performance, and developer diagnostics to mitigate security vulnerabilities in string handling.
Contribution
It introduces a language design that minimizes differences between secure and insecure string idioms, with practical compilation strategies and integrated diagnostics.
Findings
Static analyses based on dynamic semantics enable security guarantees.
Runtime performance approaches naive string concatenation.
Compiler diagnostics provide clear, position-specific feedback.
Abstract
Content composition vulnerabilities remain among the most prevalent and persistent classes of security weakness in deployed software. Prior mitigations, including developer training, static analysis tools, and domain-specific template languages, each face diminishing returns; AI code generation inherits these limitations and introduces new ones, reproducing insecure patterns from training data and lacking reliable context for self-correction. This paper introduces a general framework for secure content composition that extends across content languages and integrates directly into general-purpose programming languages via additive changes to string expression syntax. We define a language design goal of minimizing the lexical distance between secure and insecure idioms, and show that this goal admits practical compilation strategies: static analyses specified in terms of dynamic…
