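@comment{
  Conference paper (FCICS 2014, published 2015) on static taint propagation
  path analysis. Per the abstract: source is converted to SSA form, then data,
  control and Phi-function dependencies are merged into a global variable
  dependency graph on which tainted data is marked; implemented on LLVM.
  The abstract positions this as pre-processing for vulnerability detection
  and gives no precision or scalability figures.
  Cleanup relative to the database export: the ampersand in the note field is
  escaped, a missing space in the abstract is restored, names use the
  unambiguous Last, First form, and the series field is dropped because it
  repeated booktitle verbatim.
}
@inproceedings{82bc69a8f4c9426794eebd8eb80c3380,
  author    = {Wang, Y. and Wang, C. and Hu, C. Z. and Shan, C.},
  title     = {Taint propagation path analysis based on program dependency},
  booktitle = {Future Communication, Information and Computer Science - Proceedings of the International Conference on Future Communication, Information and Computer Science, FCICS 2014},
  editor    = {Zheng, Dawei},
  publisher = {CRC Press/Balkema},
  year      = {2015},
  pages     = {159--164},
  isbn      = {9781138026537},
  doi       = {10.1201/b18049-38},
  language  = {English},
  keywords  = {Branch control variables, Control dependency, Data dependency, Phi function, SSA, Taint propagation path analysis, Value dependency graph},
  abstract  = {Taint propagation path analysis is an important pre-processing part to software vulnerability detection. This paper presents a static taint propagation path analysis method based on program dependency. After transforming the source code to the SSA (Static Single Assignment) form, we make a program dependency analysis, which consists of data dependency analysis within basic blocks, control dependency analysis between basic blocks, and Phi function dependency analysis. In particular, the branch control variables calculation from control dependency analysis and Phi function dependency analysis can transform the dependency between basic blocks into dependency between variables. As a result, we obtain the global program variable dependency graph, based on which, we can further find taint propagation paths through marking tainted data. We have implemented the method on the LLVM (Low Level Virtual Machine) compiler, and the experiment results show its validity.},
  note      = {Publisher Copyright: {\textcopyright} 2015 Taylor \& Francis Group, London.; International Conference on Future Communication, Information and Computer Science, FCICS 2014 ; Conference date: 22-05-2014 Through 23-05-2014},
}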