期刊文献+

污点分析中的隐式污染检测方法

Implicit Tainting Detection Method in Taint Analysis
下载PDF
导出
摘要 隐式流对于污点分析方法的准确性有重要影响。为此,提出一种基于程序单静态赋值形式的隐式流检测方法。通过生成控制流图的必经节点树检测控制依赖关系,计算必经边界发现程序汇合点,引入虚拟取值函数获得汇合点变量的多个赋值,从而判别变量取值分歧并标记污点属性。与人工审计结果的对比证明,该方法能够诊断2个污点分析工具的污染缺失和污染过度问题,有效降低隐式流分析的误报率和漏报率。 Implicit flow has a major impact on the accuracy of the taint analysis.In this paper,a method for implicit flow detection is proposed,which is based on the Static Single Assignment(SSA) form of program,including detecting control dependencies relationship by generating dominate tree on control flow graph,finding re-convergence point by computing dominance frontier,acquiring values by inserting virtual function at re-convergence point in SSA,and marking the correct taint type of variables.Compared with the manual auditing results,test results show that this method can diagnose the undertainting and overtainting problem of two analysis tools,and reduce false-positive and false-negative rate of implicit flow effectively.
出处 《计算机工程》 CAS CSCD 2012年第23期28-32,共5页 Computer Engineering
基金 国家"863"计划基金资助项目(2008AA01Z420)
关键词 污点分析 隐式流 显式流 控制依赖 单静态赋值 必经边界 taint analysis implicit flow explicit flow control dependence Static SingleAssignment(SSA) dominance frontier
  • 相关文献

参考文献8

  • 1Newsome J,Song D.Dynamic Taint Analysis for AutomaticDetection,Analysis,and Signature Generation of Exploits onCommodity Software[C]//Proc.of the 12th Annual Network andDistributed System Security Symposium.San Diego,USA:[s.n.],2005.
  • 2Zhu Yu,Jung J,Song D,et al.Privacy Scope:A Precise Infor-mation Flow Tracking System for Finding Application Leaks[R].Berkeley,USA:University of California,Tech.Rep.:UCB/EECS-2009-145,2009.
  • 3Schwartz E J,Avgerinos T,Brumley D.All You Ever Wanted toKnow About Dynamic Taint Analysis and Forward SymbolicExecution[C]//Proc.of IEEE Symposium on Security and Privacy.Oakland,USA:IEEE Computer Society Press,2010.
  • 4Clause J,Li Wanchun,Orso A.Dytan:A Generic Dynamic TaintAnalysis Framework[C]//Proc.of the International Symposium onSoftware Testing and Analysis.London,UK:ACM Press,2007.
  • 5Bao Tao,Zheng Yunhui,Lin Zhiqiang,et al.Strict ControlDependence and Its Effect on Dynamic Information FlowAnalyses[C]//Proc.of the 9th International Symposium onSoftware Testing and Analysis.Trento,USA:ACM Press,2010.
  • 6Kang M G,McCamant S,Poosankam P,et al.DTA++:DynamicTaint Analysis with Targeted Control——Flow Propagation[C]//Proc.of the 18th Annual Network and Distributed System SecuritySymposium.San Diego,USA:[s.n.],2011.
  • 7Appel A W.Modern Compiler Implementation in C[M].Cambridge,UK:Cambridge University Press,2004.
  • 8Nethercote N,Seward J.Valgrind:A Framework for HeavyweightDynamic Binary Instrumentation[C]//Proc.of ACM SIGPLANConference on Programming Language Design and Implemen-tation.New York,USA:ACM Press,2007.

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部