TWalker: An efficient taint analysis tool

2014 10th International Conference on Information Assurance and Security Pub Date : 2014-11-01 DOI:10.1109/ISIAS.2014.7064628

Jinxin Ma, Puhan Zhang, Guowei Dong, Shuai Shao, Jiangxiao Zhang

{"title":"TWalker: An efficient taint analysis tool","authors":"Jinxin Ma, Puhan Zhang, Guowei Dong, Shuai Shao, Jiangxiao Zhang","doi":"10.1109/ISIAS.2014.7064628","DOIUrl":null,"url":null,"abstract":"The taint analysis method is usually effective for vulnerabilities detection. Existing works mostly care about the accuracy of taint propagation, not considering the time cost. We proposed a novel method to improve the efficiency of taint propagation with indices. Based our method, we have implemented TWalker, an effective vulnerabilities detection tool that enables easy data flow analysis of the real world programs, providing faster taint analysis than other existing works. TWalker has four properties: first, it works directly on the programs without source code; second, it monitors the program's execution and records its necessary context; third, it delivers fine-grained taint analysis, providing fast taint propagation with indices; fourth, it could detect vulnerabilities effectively based on two security property rules. We have evaluated TWalker with several real world programs and compared it with a typical taint analysis tool. The experimental results show that our tool could perform taint propagation much faster than other tool, having better ability for vulnerabilities detection.","PeriodicalId":146781,"journal":{"name":"2014 10th International Conference on Information Assurance and Security","volume":"19 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"9","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2014 10th International Conference on Information Assurance and Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ISIAS.2014.7064628","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 9

Abstract

The taint analysis method is usually effective for vulnerabilities detection. Existing works mostly care about the accuracy of taint propagation, not considering the time cost. We proposed a novel method to improve the efficiency of taint propagation with indices. Based our method, we have implemented TWalker, an effective vulnerabilities detection tool that enables easy data flow analysis of the real world programs, providing faster taint analysis than other existing works. TWalker has four properties: first, it works directly on the programs without source code; second, it monitors the program's execution and records its necessary context; third, it delivers fine-grained taint analysis, providing fast taint propagation with indices; fourth, it could detect vulnerabilities effectively based on two security property rules. We have evaluated TWalker with several real world programs and compared it with a typical taint analysis tool. The experimental results show that our tool could perform taint propagation much faster than other tool, having better ability for vulnerabilities detection.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

一个有效的污染分析工具

污点分析方法通常是有效的漏洞检测方法。现有的工作大多关心的是污染传播的准确性，而没有考虑时间成本。提出了一种新的方法来提高带指数的污染传播效率。基于我们的方法，我们实现了TWalker，这是一个有效的漏洞检测工具，可以轻松地对现实世界的程序进行数据流分析，提供比其他现有作品更快的污染分析。TWalker有四个特性:第一，它直接作用于程序而不需要源代码;其次，它监视程序的执行并记录其必要的上下文;第三，它提供细粒度的污染分析，提供快速的污染传播索引;第四，基于两个安全属性规则可以有效地检测漏洞。我们用几个真实世界的程序对TWalker进行了评估，并将其与典型的污染分析工具进行了比较。实验结果表明，该工具可以比其他工具更快地进行污染传播，具有更好的漏洞检测能力。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

2014 10th International Conference on Information Assurance and Security

自引率

0.00%

发文量