Zexin Zhong, Jiangchao Liu, Diyu Wu, Peng Di, Yulei Sui, A. Liu
{"title":"基于现场的工业微服务静态污点分析","authors":"Zexin Zhong, Jiangchao Liu, Diyu Wu, Peng Di, Yulei Sui, A. Liu","doi":"10.1145/3510457.3513075","DOIUrl":null,"url":null,"abstract":"Taint analysis is widely used for tracing sensitive data. However, the state-of-the-art taint analyzers face challenges on recall, scalability, and precision when applied on industrial microservices. To overcome these challenges, we present a field-based static taint analysis approach, which does not distinguish different instances of the same type but distinguishes fields of the same kind for tracing sensitive data on industrial microservices. The experimental results demonstrate that our approach is practical in industrial scenarios.","PeriodicalId":119790,"journal":{"name":"2022 IEEE/ACM 44th International Conference on Software Engineering: Software Engineering in Practice (ICSE-SEIP)","volume":"353 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"Field-Based Static Taint Analysis for Industrial Microservices\",\"authors\":\"Zexin Zhong, Jiangchao Liu, Diyu Wu, Peng Di, Yulei Sui, A. Liu\",\"doi\":\"10.1145/3510457.3513075\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Taint analysis is widely used for tracing sensitive data. However, the state-of-the-art taint analyzers face challenges on recall, scalability, and precision when applied on industrial microservices. To overcome these challenges, we present a field-based static taint analysis approach, which does not distinguish different instances of the same type but distinguishes fields of the same kind for tracing sensitive data on industrial microservices. The experimental results demonstrate that our approach is practical in industrial scenarios.\",\"PeriodicalId\":119790,\"journal\":{\"name\":\"2022 IEEE/ACM 44th International Conference on Software Engineering: Software Engineering in Practice (ICSE-SEIP)\",\"volume\":\"353 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2022-05-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2022 IEEE/ACM 44th International Conference on Software Engineering: Software Engineering in Practice (ICSE-SEIP)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3510457.3513075\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 IEEE/ACM 44th International Conference on Software Engineering: Software Engineering in Practice (ICSE-SEIP)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3510457.3513075","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Field-Based Static Taint Analysis for Industrial Microservices
Taint analysis is widely used for tracing sensitive data. However, the state-of-the-art taint analyzers face challenges on recall, scalability, and precision when applied on industrial microservices. To overcome these challenges, we present a field-based static taint analysis approach, which does not distinguish different instances of the same type but distinguishes fields of the same kind for tracing sensitive data on industrial microservices. The experimental results demonstrate that our approach is practical in industrial scenarios.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
