Taint Dependency Sequences: A Characterization of Insecure Execution Paths Based on Input-Sensitive Cause Sequences

2010 Third International Conference on Software Testing, Verification, and Validation Workshops Pub Date : 2010-04-06 DOI:10.1109/ICSTW.2010.28

Dumitru Ceara, L. Mounier, Marie-Laure Potet

{"title":"Taint Dependency Sequences: A Characterization of Insecure Execution Paths Based on Input-Sensitive Cause Sequences","authors":"Dumitru Ceara, L. Mounier, Marie-Laure Potet","doi":"10.1109/ICSTW.2010.28","DOIUrl":null,"url":null,"abstract":"Numerous software vulnerabilities can be activated only with dedicated user inputs. Taint analysis is a security check which consists in looking for possible dependency chains between user inputs and vulnerable statements (like array accesses). Most of the existing static taint analysis tools produce some warnings on potentially vulnerable program locations. It is then up to the developer to analyze these results by scanning the possible execution paths that may lead to these locations with unsecured user inputs. We present a Taint Dependency Sequences Calculus, based on a fine-grain data and control taint analysis, that aims to help the developer in this task by providing some information on the set of paths that need to be analyzed. Following some ideas introduced in [1], [2], we also propose some metrics to characterize these paths in term of \"dangerousness\". This approach is illustrated with the help of the Verisec Suite [3] and by describing a prototype, called STAC.","PeriodicalId":117410,"journal":{"name":"2010 Third International Conference on Software Testing, Verification, and Validation Workshops","volume":"33 1-2 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2010-04-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"24","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2010 Third International Conference on Software Testing, Verification, and Validation Workshops","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICSTW.2010.28","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 24

Abstract

Numerous software vulnerabilities can be activated only with dedicated user inputs. Taint analysis is a security check which consists in looking for possible dependency chains between user inputs and vulnerable statements (like array accesses). Most of the existing static taint analysis tools produce some warnings on potentially vulnerable program locations. It is then up to the developer to analyze these results by scanning the possible execution paths that may lead to these locations with unsecured user inputs. We present a Taint Dependency Sequences Calculus, based on a fine-grain data and control taint analysis, that aims to help the developer in this task by providing some information on the set of paths that need to be analyzed. Following some ideas introduced in [1], [2], we also propose some metrics to characterize these paths in term of "dangerousness". This approach is illustrated with the help of the Verisec Suite [3] and by describing a prototype, called STAC.

查看原文本刊更多论文

污染依赖序列:基于输入敏感原因序列的不安全执行路径表征

许多软件漏洞只能通过专门的用户输入来激活。污点分析是一种安全检查，它包括寻找用户输入和易受攻击语句(如数组访问)之间可能的依赖链。大多数现有的静态污染分析工具都会对潜在的易受攻击的程序位置产生一些警告。然后由开发人员来分析这些结果，方法是扫描可能导致用户输入不安全的位置的执行路径。我们提出了一个基于细粒度数据和控制污染分析的污染依赖序列演绎法，旨在通过提供需要分析的路径集的一些信息来帮助开发人员完成这项任务。根据[1]，[2]中介绍的一些想法，我们还提出了一些指标来描述这些路径的“危险”。这种方法是在Verisec Suite[3]的帮助下通过描述一个称为STAC的原型来说明的。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2010 Third International Conference on Software Testing, Verification, and Validation Workshops

自引率

0.00%

发文量