论文信息 - Design and implementation of a dependence-based taint analysis

Design and implementation of a dependence-based taint analysis

Caused by the misuse of invalidated inputs, the major threats to WEB programs are injection vulnerabilities which could be located by taint analysis tracing the propagation and the usage of input data. On the basis of the formal definition of dependent relationship among object variables and object fields in the intermediate language JIMPLE, an inter-method algorithm is proposed to build a field-sensitive data dependence graph. The dependent relation of the parameters of JIMPLE methods is specially modeled and a reaching matrix is used to traverse all the taint propagation paths. To analyze large scale programs, the analysis is decomposed into multiple stages, each of which completes a sub-task to iteratively traverse the paths. A prototype is implemented on top of SOOT and tested to analyze several WEB sites, and experimental results shows better time performance and no loss of precision compared to existing approaches.

Zhou Xuan | Guo Fan

[1] Josep Silva,et al. A vocabulary of program slicing-based techniques , 2012, CSUR.

[2] Thorsten Holz,et al. Simulation of Built-in PHP Features for Precise Static Code Analysis , 2014, NDSS.

[3] Christopher Krügel,et al. Static analysis for detecting taint-style vulnerabilities in web applications , 2010, J. Comput. Secur..

[4] Manu Sridharan,et al. TAJ: effective taint analysis of web applications , 2009, PLDI '09.

[5] Jay Ligatti,et al. Defining code-injection attacks , 2012, POPL '12.

[6] Vitaly Shmatikov,et al. SAFERPHP: finding semantic vulnerabilities in PHP applications , 2011, PLAS '11.

[7] Zeng Qing. Taint Propagation Analysis and Dynamic Verification with Information Flow Policy , 2011 .

[8] Thomas W. Reps,et al. Guided Static Analysis , 2007, SAS.

[9] Qiang Huang,et al. Taint Propagation Analysis and Dynamic Verification with Information Flow Policy: Taint Propagation Analysis and Dynamic Verification with Information Flow Policy , 2011 .