{"title":"一个有效的污染分析工具","authors":"Jinxin Ma, Puhan Zhang, Guowei Dong, Shuai Shao, Jiangxiao Zhang","doi":"10.1109/ISIAS.2014.7064628","DOIUrl":null,"url":null,"abstract":"The taint analysis method is usually effective for vulnerabilities detection. Existing works mostly care about the accuracy of taint propagation, not considering the time cost. We proposed a novel method to improve the efficiency of taint propagation with indices. Based our method, we have implemented TWalker, an effective vulnerabilities detection tool that enables easy data flow analysis of the real world programs, providing faster taint analysis than other existing works. TWalker has four properties: first, it works directly on the programs without source code; second, it monitors the program's execution and records its necessary context; third, it delivers fine-grained taint analysis, providing fast taint propagation with indices; fourth, it could detect vulnerabilities effectively based on two security property rules. We have evaluated TWalker with several real world programs and compared it with a typical taint analysis tool. The experimental results show that our tool could perform taint propagation much faster than other tool, having better ability for vulnerabilities detection.","PeriodicalId":146781,"journal":{"name":"2014 10th International Conference on Information Assurance and Security","volume":"19 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"9","resultStr":"{\"title\":\"TWalker: An efficient taint analysis tool\",\"authors\":\"Jinxin Ma, Puhan Zhang, Guowei Dong, Shuai Shao, Jiangxiao Zhang\",\"doi\":\"10.1109/ISIAS.2014.7064628\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The taint analysis method is usually effective for vulnerabilities detection. Existing works mostly care about the accuracy of taint propagation, not considering the time cost. We proposed a novel method to improve the efficiency of taint propagation with indices. Based our method, we have implemented TWalker, an effective vulnerabilities detection tool that enables easy data flow analysis of the real world programs, providing faster taint analysis than other existing works. TWalker has four properties: first, it works directly on the programs without source code; second, it monitors the program's execution and records its necessary context; third, it delivers fine-grained taint analysis, providing fast taint propagation with indices; fourth, it could detect vulnerabilities effectively based on two security property rules. We have evaluated TWalker with several real world programs and compared it with a typical taint analysis tool. The experimental results show that our tool could perform taint propagation much faster than other tool, having better ability for vulnerabilities detection.\",\"PeriodicalId\":146781,\"journal\":{\"name\":\"2014 10th International Conference on Information Assurance and Security\",\"volume\":\"19 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2014-11-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"9\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2014 10th International Conference on Information Assurance and Security\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ISIAS.2014.7064628\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2014 10th International Conference on Information Assurance and Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ISIAS.2014.7064628","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
The taint analysis method is usually effective for vulnerabilities detection. Existing works mostly care about the accuracy of taint propagation, not considering the time cost. We proposed a novel method to improve the efficiency of taint propagation with indices. Based our method, we have implemented TWalker, an effective vulnerabilities detection tool that enables easy data flow analysis of the real world programs, providing faster taint analysis than other existing works. TWalker has four properties: first, it works directly on the programs without source code; second, it monitors the program's execution and records its necessary context; third, it delivers fine-grained taint analysis, providing fast taint propagation with indices; fourth, it could detect vulnerabilities effectively based on two security property rules. We have evaluated TWalker with several real world programs and compared it with a typical taint analysis tool. The experimental results show that our tool could perform taint propagation much faster than other tool, having better ability for vulnerabilities detection.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
