DepTaint: A static taint analysis method based on program dependence

Binbin Li, Rui Ma, Xuefei Wang, Xiajing Wang, Jinyuan He

科研成果: 书/报告/会议事项章节会议稿件同行评审

4 引用 (Scopus)

摘要

Since static taint analysis is performed prior to execution by considering all possible execution paths, it can discover potential security issues before the program running. Currently, many taint analysis tools pay more attention to data dependence in the program. Whereas implicit flow analysis based on control dependence is generally not considered owning to its complexity. Therefore, this paper presents a static taint analysis method named DepTaint, which expands the static checkers of LLVM, focuses on program dependence including data and control dependence in the program. DepTaint analyzes the taint variables propagated along explicit flows and implicit flows, especially commendably handles the under-taint in explicit flow analysis. Our evaluations demonstrate that, for 8 programs containing data and control dependence and 8 programs injected different common vulnerabilities (i.e., array bounds, double free, format string vulnerability, heap overflow, integer overflow, stack overflow, and UAF), DepTaint significantly outperforms LLVM's static checker both at marking taint variables and achieving more finegrained taint propagation paths. Specially, for the programs containing branch selection and loop structure, DepTaint on average marks 2X and 3.6X taint variables than LLVM's static checker.

源语言英语
主期刊名2020 the 4th International Conference on Management Engineering, Software Engineering and Service Sciences, ICMSS 2020
出版商Association for Computing Machinery
34-41
页数8
ISBN(电子版)9781450376419
DOI
出版状态已出版 - 17 1月 2020
活动4th International Conference on Management Engineering, Software Engineering and Service Sciences, ICMSS 2020 - Wuhan, 中国
期限: 17 1月 202019 1月 2020

出版系列

姓名ACM International Conference Proceeding Series

会议

会议4th International Conference on Management Engineering, Software Engineering and Service Sciences, ICMSS 2020
国家/地区中国
Wuhan
时期17/01/2019/01/20

指纹

探究 'DepTaint: A static taint analysis method based on program dependence' 的科研主题。它们共同构成独一无二的指纹。

引用此