Static program analysis assisted dynamic taint tracking for software vulnerability discovery

Ruoyu Zhang; Shiqiu Huang; Zhengwei Qi; Haibing Guan

首页> 外文期刊>Computers & mathematics with applications >Static program analysis assisted dynamic taint tracking for software vulnerability discovery

【24h】

Static program analysis assisted dynamic taint tracking for software vulnerability discovery

机译：静态程序分析辅助动态污点跟踪，以发现软件漏洞

获取原文

获取原文并翻译 | 示例

开具论文收录证明 >>

页面导航

摘要
著录项
引文网络
相似文献
相关主题

摘要

The evolution of computer science has exposed us to the growing gravity of security problems and threats. Dynamic taint analysis is a prevalent approach to protect a program from malicious behaviors, but fails to provide any information about the code which is not executed. This paper describes a novel approach to overcome the limitation of traditional dynamic taint analysis by integrating static analysis into the system and presents framework SDCF to detect software vulnerabilities with high code coverage. Our experiments show that SDCF is not only able to provide efficient runtime protection by introducing an overhead of 4.16x based on the taint tracing technique, but is also capable of discovering latent software vulnerabilities which have not been exploited, and achieve code coverage of more than 90%.

机译：计算机科学的发展使我们面临安全问题和威胁日益严重的问题。动态污点分析是一种保护程序免受恶意行为侵害的流行方法，但是无法提供有关未执行代码的任何信息。本文介绍了一种通过将静态分析集成到系统中来克服传统动态污点分析的局限性的新方法，并提出了SDCF框架来检测具有高代码覆盖率的软件漏洞。我们的实验表明，SDCF不仅可以通过引入基于污点跟踪技术的4.16x开销来提供有效的运行时保护，而且还能够发现尚未被利用的潜在软件漏洞，并实现超过90％。

著录项

来源
《Computers & mathematics with applications》 |2012年第2期|p.469-480|共12页
作者
Ruoyu Zhang; Shiqiu Huang; Zhengwei Qi; Haibing Guan;
展开▼
作者单位

School of Software, Shanghai Key Laboratory of Scalable Computing and Systems, Shanghai Jiao Tong University, China;

School of Software, Shanghai Key Laboratory of Scalable Computing and Systems, Shanghai Jiao Tong University, China;

School of Software, Shanghai Key Laboratory of Scalable Computing and Systems, Shanghai Jiao Tong University, China;

School of Electronic Information and Electrical Engineering, Shanghai Key Laboratory of Scalable Computing and Systems, Shanghai Jiao Tong University, China;

展开▼
收录信息
原文格式 PDF
正文语种 eng
中图分类
关键词
taint analysis; software vulnerability; code coverage; data flow analysis;

机译：污点分析;软件漏洞;代码覆盖率;数据流分析;

相似文献

外文文献
中文文献
专利

1. A deep learning based static taint analysis approach for IoT software vulnerability location [J] . Niu Weina, Zhang Xiaosong, Du Xiaojiang, Measurement . 2020,第期

机译：基于深度学习的IOT软件漏洞位置的静态染色分析方法
2. Tainting-Assisted and Context-Migrated Symbolic Execution of Android Framework for Vulnerability Discovery and Exploit Generation [J] . Luo Lannan, Zeng Qiang, Cao Chen, IEEE transactions on mobile computing . 2020,第12期

机译：禁止辅助和上下文迁移的Android框架易受攻击和漏洞生成的象征性
3. Static Taint Analysis Traversal with Object Oriented Component for Web File Injection Vulnerability Pattern Detection [J] . Aditya Kurniawan, Bahtiar Saleh Abbas, Agung Trisetyarso, Procedia Computer Science . 2018,第22期

机译：Web文件注入漏洞模式检测中带有面向对象组件的静态污点分析遍历
4. Dynamic Taint Tracking of Web Application Based on Static Code Analysis [C] . Jingling Zhao, Junxin Qi, Liang Zhou, International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing . 2016

机译：基于静态代码分析的Web应用程序动态污点跟踪
5. On supporting software evolution: Automatic decomposition schemes based on static and dynamic analysis of programs. [D] . Gopal, Rajeev. 1989

机译：关于支持软件演化：基于程序的静态和动态分析的自动分解方案。
6. A Graphical User Interface for Software-assisted Tracking of Protein Concentration in Dynamic Cellular Protrusions [O] . Tanumoy Saha, Isabel Rathmann, Milos Galic 2017

机译：图形用户界面用于软件辅助跟踪动态细胞突起中的蛋白质浓度
7. Static program analysis assisted dynamic taint tracking for software vulnerability discovery [O] . Zhang Ruoyu, Huang Shiqiu, Qi Zhengwei, 2012

机译：静态程序分析辅助动态污点跟踪，以发现软件漏洞

Static program analysis assisted dynamic taint tracking for software vulnerability discovery

摘要

著录项

引文网络

相似文献

相关主题

期刊订阅