Taint Dependency Sequences: A Characterization of Insecure Execution Paths Based on Input-Sensitive Cause Sequences

机译：污染依赖序列：基于输入敏感原因序列的不安全执行路径的刻画

获取原文

获取原文并翻译 | 示例

页面导航

摘要
著录项
引文网络
相似文献
相关主题

摘要

Numerous software vulnerabilities can be activated only with dedicated user inputs. Taint analysis is a security check which consists in looking for possible dependency chains between user inputs and vulnerable statements (like array accesses). Most of the existing static taint analysis tools produce some warnings on potentially vulnerable program locations. It is then up to the developer to analyze these results by scanning the possible execution paths that may lead to these locations with unsecured user inputs. We present a Taint Dependency Sequences Calculus, based on a fine-grain data and control taint analysis, that aims to help the developer in this task by providing some information on the set of paths that need to be analyzed. Following some ideas introduced in [1], [2], we also propose some metrics to characterize these paths in term of "dangerousness". This approach is illustrated with the help of the Verisec Suite [3] and by describing a prototype, called STAC.

机译：只有使用专用的用户输入，才能激活许多软件漏洞。污染分析是一项安全检查，其中包括寻找用户输入与易受攻击的语句（例如数组访问）之间可能的依赖关系链。大多数现有的静态污点分析工具都会在潜在易受攻击的程序位置发出一些警告。然后由开发人员通过扫描可能的执行路径来分析这些结果，这些执行路径可能导致使用不安全的用户输入进入这些位置。我们基于细粒度的数据和控制异味分析，提出了一种Taint依赖序列演算，旨在通过提供一些有关需要分析的路径信息来帮助开发人员完成此任务。遵循[1]，[2]中介绍的一些思想，我们还提出了一些度量标准，以“危险性”来表征这些路径。在Verisec Suite [3]的帮助下并通过描述一个称为STAC的原型来说明这种方法。

著录项

来源
《Third International Conference on Software Testing, Verification, and Validation—Workshops》|2010年|P.371-380|共10页
会议地点 Paris(FR);Paris(FR)
作者
Ceara Dumitru; Mounier Laurent; Potet Marie-Laure;
展开▼
作者单位

Issue Date: 6-10 April 2010rnrntOn page(s): rnt371rnttrn- 380rnrnrnLocation: Paris, FrancernrnPrint ISBN: 978-1-4244-6773-0rnrnrnrnttrnDigital Object Identifier: href='http://dx.doi.org/10.1109/ICSTW.2010.28' target='_blank'>10.1109/ICSTW.2010.28 rnrnDate of Current Version: trnrnt2010-05-13 13:19:49.0rnrnt rntt class="body-text">rntname="Abstract">>Abstractrn>Numerous software vulnerabilities can be activated only with dedicated user inputs. Taint analysis is a security check which consists in looking for possible dependency chains between user inputs and vulnerable statements (like array accesses). Most of the existing static taint analysis tools produce some warnings on potentially vulnerable program locations. It is then up;

展开▼
会议组织
原文格式 PDF
正文语种 eng
中图分类 TP311.52;
关键词
taint analysis; test objectives; vulnerability detection;

机译：污染分析;测试目标;漏洞检测;

相似文献

外文文献
中文文献
专利

1. Anxiety of dependency in international joint ventures? An empirical study of drivers and consequences of relationship insecurity [J] . Matthew J. Robson, Stavroula Spyropoulou, Ali Bin Khalifa Al-Khalifa Industrial marketing management . 2006,第5期

机译：对国际合资企业依赖的焦虑？关系不安全的驱动因素和后果的实证研究
2. Parallel Cortico-Basal Ganglia Mechanisms for Acquisition and Execution of Visuomotor Sequences—A Computational Approach [J] . Nakahara H, Doya K, Hikosaka O Journal of Cognitive Neuroscience . 2001,第5期

机译：视觉运动序列的获取和执行的并行皮质-基底神经节机制—一种计算方法
3. Numerical characterization and similarity analysis of DNA sequences based on 2-d graphical representation of the characteristic sequences. [J] . Li C, Wang J Combinatorial chemistry & high throughput screening . 2003,第8期

机译：基于特征序列的二维图形表示，对DNA序列进行数值表征和相似性分析。
4. Taint Dependency Sequences: A Characterization of Insecure Execution Paths Based on Input-Sensitive Cause Sequences [C] . Ceara Dumitru, Mounier Laurent, Potet Marie-Laure International Conference on Software Testing, Verification, and Validation Workshops;Workshop on Advances and Quality in Model-Based Testing Committee;International Workshop on Mutation Analysis Committee;International Workshop on Search-Based Software Testing Committee;Testing Techniques Experimentation Benchmarks for Event-Driven Software Committee;International Workshop on Validation and Verification of Dynamic Systems Committee;Workshop on Constraints in Software Testing, Verification, and Analysis Committee;International Workshop on Modeling and Detection of Vulnerabilities Committee;International Workshop on Test-Dricen Development Committee . 2010

机译：Taint依赖序列：基于输入敏感原因序列的不安全执行路径的表征
5. On the detection of non-adjoining dependencies in molecular sequences. [D] . Dutil, Nicolas. 2003

机译：关于检测分子序列中不相邻的依赖性。
6. Integrating shortest dependency path and sentence sequence into a deep learning framework for relation extraction in clinical text [O] . Zhiheng Li, Zhihao Yang, Chen Shen, 2019

机译：将最短依赖路径和句子序列集成到深度学习框架中以提取临床文本中的关系
7. Taint Dependency Sequences: a characterization of insecure execution paths based on input-sensitive cause sequences ⋆ [O] . Dumitru Ceară, Laurent Mounier, Marie-laure Potet 2010

机译：污染依赖序列：基于对输入敏感的原因序列的不安全执行路径的表征⋆
8. Ensuring critical event sequences in high consequence computer based systems as inspired by path expressions [R] . Kidd, M. E. C. 1997

机译：在路径表达式的启发下，确保基于计算机的高序列系统中的关键事件序列

Taint Dependency Sequences: A Characterization of Insecure Execution Paths Based on Input-Sensitive Cause Sequences

摘要

著录项

引文网络

相似文献

相关主题

期刊订阅