Internet Archive Scholar
Filters
























1 Hit in 2.4 sec

FlowTwist: efficient context-sensitive inside-out taint analysis for large codebases

Johannes Lerch, Ben Hermann, Eric Bodden, Mira Mezini
<span title="">2014</span> <i title="ACM Press"> <a target="_blank" rel="noopener" href="https://fatcat.wiki/container/dj7g645z6zfl5lut4iwy5walyu" style="color: black;">Proceedings of the 22nd ACM SIGSOFT International Symposium on Foundations of Software Engineering - FSE 2014</a> </i> &nbsp;

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (386.3 kB)
https://web.archive.org/web/20200710003338/https://www.thewhitespace.de/publications/lhbm14flowtwist.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2020; you can also visit <a rel="external noopener" href="https://www.thewhitespace.de/publications/lhbm14flowtwist.pdf">the original URL</a>. The file type is <code>application/pdf</code>.

This inside-out analysis requires a careful, context-sensitive coordination of both a backward and a forward taint analysis.  ...  In this work we thus present FlowTwist, a novel taintanalysis approach that works inside-out, i.e., tracks data flows from potentially vulnerable calls to the outer level of the API which the attacker  ...  To validate our hypothesis that the inside-out approach is faster and scales better for large codebases than a pure forward taint analysis, we apply both analyses to the confuseddeputy problem.  ... 
<span class="external-identifiers"> <a target="_blank" rel="external noopener noreferrer" href="https://doi.org/10.1145/2635868.2635878">doi:10.1145/2635868.2635878</a> <a target="_blank" rel="external noopener" href="https://dblp.org/rec/conf/sigsoft/LerchHBM14.html">dblp:conf/sigsoft/LerchHBM14</a> <a target="_blank" rel="external noopener" href="https://fatcat.wiki/release/rnqajudkcnb5rbwiisnaqwujoy">fatcat:rnqajudkcnb5rbwiisnaqwujoy</a> </span>
<a target="_blank" rel="noopener" href="https://web.archive.org/web/20200710003338/https://www.thewhitespace.de/publications/lhbm14flowtwist.pdf" title="fulltext PDF download" data-goatcounter-click="serp-fulltext" data-goatcounter-title="serp-fulltext"> <button class="ui simple right pointing dropdown compact black labeled icon button serp-button"> <i class="icon ia-icon"></i> Web Archive [PDF] <div class="menu fulltext-thumbnail"> <img src="https://blobs.fatcat.wiki/thumbnail/pdf/ee/1e/ee1e8cda25ba6688f807749411f7813276d33514.180px.jpg" alt="fulltext thumbnail" loading="lazy"> </div> </button> </a> <a target="_blank" rel="external noopener noreferrer" href="https://doi.org/10.1145/2635868.2635878"> <button class="ui left aligned compact blue labeled icon button serp-button"> <i class="external alternate icon"></i> acm.org </button> </a>
Citation

Johannes Lerch, Ben Hermann, Eric Bodden, Mira Mezini. "FlowTwist: efficient context-sensitive inside-out taint analysis for large codebases." Proceedings of the 22nd ACM SIGSOFT International Symposium on Foundations of Software Engineering - FSE 2014 (2014) 98-108