{"title":"动态污染分析中隐含信息流的动态标记方法","authors":"Xuefei Wang, Hengtai Ma, Lisha Jing","doi":"10.1145/2799979.2799988","DOIUrl":null,"url":null,"abstract":"Dynamic taint analysis is an important technique for tracking information flow in software and it has been widely applied in the field of software testing, debugging and vulnerability detection. However, most of the dynamic taint analysis tools only handle explicit information flow, while ignoring the implicit information flow, resulting in a large number of false negative errors. Considering this situation, we present a dynamic marking method for implicit information flow, to handle a specific type of control-dependence. The method can identify and propagate implicit data during runtime, thus increasing the coverage of the tested program. we also propose pipeline, integrating our method in the process of dynamic taint analysis. Pipeline is implemented on the base of the dynamic taint analysis framework avalanche, and is designed to detect vulnerabilities in binary programs. In the studies, we applied the tool to 5 applications from some open-source projects, and it has effectively located and propagated the specific kind of implicit information flow.","PeriodicalId":293190,"journal":{"name":"Proceedings of the 8th International Conference on Security of Information and Networks","volume":"15 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2015-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"A dynamic marking method for implicit information flow in dynamic taint analysis\",\"authors\":\"Xuefei Wang, Hengtai Ma, Lisha Jing\",\"doi\":\"10.1145/2799979.2799988\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Dynamic taint analysis is an important technique for tracking information flow in software and it has been widely applied in the field of software testing, debugging and vulnerability detection. However, most of the dynamic taint analysis tools only handle explicit information flow, while ignoring the implicit information flow, resulting in a large number of false negative errors. Considering this situation, we present a dynamic marking method for implicit information flow, to handle a specific type of control-dependence. The method can identify and propagate implicit data during runtime, thus increasing the coverage of the tested program. we also propose pipeline, integrating our method in the process of dynamic taint analysis. Pipeline is implemented on the base of the dynamic taint analysis framework avalanche, and is designed to detect vulnerabilities in binary programs. In the studies, we applied the tool to 5 applications from some open-source projects, and it has effectively located and propagated the specific kind of implicit information flow.\",\"PeriodicalId\":293190,\"journal\":{\"name\":\"Proceedings of the 8th International Conference on Security of Information and Networks\",\"volume\":\"15 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2015-09-08\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 8th International Conference on Security of Information and Networks\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/2799979.2799988\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 8th International Conference on Security of Information and Networks","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2799979.2799988","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
A dynamic marking method for implicit information flow in dynamic taint analysis
Dynamic taint analysis is an important technique for tracking information flow in software and it has been widely applied in the field of software testing, debugging and vulnerability detection. However, most of the dynamic taint analysis tools only handle explicit information flow, while ignoring the implicit information flow, resulting in a large number of false negative errors. Considering this situation, we present a dynamic marking method for implicit information flow, to handle a specific type of control-dependence. The method can identify and propagate implicit data during runtime, thus increasing the coverage of the tested program. we also propose pipeline, integrating our method in the process of dynamic taint analysis. Pipeline is implemented on the base of the dynamic taint analysis framework avalanche, and is designed to detect vulnerabilities in binary programs. In the studies, we applied the tool to 5 applications from some open-source projects, and it has effectively located and propagated the specific kind of implicit information flow.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
