TY - GEN
T1 - DepTaint
T2 - 4th International Conference on Management Engineering, Software Engineering and Service Sciences, ICMSS 2020
AU - Li, Binbin
AU - Ma, Rui
AU - Wang, Xuefei
AU - Wang, Xiajing
AU - He, Jinyuan
N1 - Publisher Copyright:
© 2020 ACM.
PY - 2020/1/17
Y1 - 2020/1/17
N2 - Since static taint analysis is performed prior to execution by considering all possible execution paths, it can discover potential security issues before the program runs. Currently, many taint analysis tools pay more attention to data dependence in the program, whereas implicit flow analysis based on control dependence is generally not considered, owing to its complexity. Therefore, this paper presents a static taint analysis method named DepTaint, which extends LLVM's static checkers and focuses on program dependence, including both data and control dependence in the program. DepTaint analyzes the taint variables propagated along explicit flows and implicit flows, and in particular handles under-tainting in explicit flow analysis. Our evaluations demonstrate that, for 8 programs containing data and control dependence and 8 programs injected with different common vulnerabilities (i.e., array bounds violations, double free, format string vulnerability, heap overflow, integer overflow, stack overflow, and UAF), DepTaint significantly outperforms LLVM's static checker both at marking taint variables and at producing more fine-grained taint propagation paths. Specifically, for the programs containing branch selection and loop structures, DepTaint on average marks 2X and 3.6X as many taint variables as LLVM's static checker.
AB - Since static taint analysis is performed prior to execution by considering all possible execution paths, it can discover potential security issues before the program runs. Currently, many taint analysis tools pay more attention to data dependence in the program, whereas implicit flow analysis based on control dependence is generally not considered, owing to its complexity. Therefore, this paper presents a static taint analysis method named DepTaint, which extends LLVM's static checkers and focuses on program dependence, including both data and control dependence in the program. DepTaint analyzes the taint variables propagated along explicit flows and implicit flows, and in particular handles under-tainting in explicit flow analysis. Our evaluations demonstrate that, for 8 programs containing data and control dependence and 8 programs injected with different common vulnerabilities (i.e., array bounds violations, double free, format string vulnerability, heap overflow, integer overflow, stack overflow, and UAF), DepTaint significantly outperforms LLVM's static checker both at marking taint variables and at producing more fine-grained taint propagation paths. Specifically, for the programs containing branch selection and loop structures, DepTaint on average marks 2X and 3.6X as many taint variables as LLVM's static checker.
KW - LLVM
KW - control dependence
KW - implicit flow
KW - program dependence
KW - static taint analysis
UR - http://www.scopus.com/inward/record.url?scp=85085918724&partnerID=8YFLogxK
U2 - 10.1145/3380625.3380642
DO - 10.1145/3380625.3380642
M3 - Conference contribution
AN - SCOPUS:85085918724
T3 - ACM International Conference Proceeding Series
SP - 34
EP - 41
BT - 2020 the 4th International Conference on Management Engineering, Software Engineering and Service Sciences, ICMSS 2020
PB - Association for Computing Machinery
Y2 - 17 January 2020 through 19 January 2020
ER -