IFDS Taint Analysis with Access Paths [article]

Nicholas Allen, François Gauthier, Alexander Jordan
2021 arXiv   pre-print
Similar to state-of-the-art approaches to taint analysis, our IFDS-based taint analysis uses access paths to abstract objects and fields in a program.  ...  In this paper, we present our novel IFDS-based solution to perform fast and precise static taint analysis of very large industrial Java web applications.  ...  Similar to recent work on IFDS-based static taint analysis [TPC+13, ARF+14], our analysis tracks taint through objects and fields by propagating access paths.  ... 
arXiv:2103.16240v1 fatcat:5r5qia4fjjablo32kwleyy3jey

Vulnerabilities Detection via Static Taint Analysis

N.V. Shimchik, V.N. Ignatyev
2019 Proceedings of the Institute for System Programming of RAS  
This tool is based on the Interprocedural Finite Distributive Subset (IFDS) algorithm and is able to perform interprocedural, context-sensitive, path-insensitive analysis of programs represented in LLVM  ...  According to our research it is not possible to achieve good results using pure taint analysis, so together with several enhancements of existing techniques we propose to supplement it with additional  ...  It demonstrates a possibility to perform taint analysis in terms of IFDS framework and also explains how to combine on-demand backward alias analysis with a regular forward taint analysis.  ... 
doi:10.15514/ispras-2019-31(3)-14 fatcat:4ukvhlrftndk5mhgklflbjpp2a

FlowTwist: efficient context-sensitive inside-out taint analysis for large codebases

Johannes Lerch, Ben Hermann, Eric Bodden, Mira Mezini
2014 Proceedings of the 22nd ACM SIGSOFT International Symposium on Foundations of Software Engineering - FSE 2014  
Experiments with the Java Class Library show that, while a simple forward taint-analysis approach does not scale even with much machine power, FlowTwist's algorithm is able to fully analyze the library  ...  This inside-out analysis requires a careful, context-sensitive coordination of both a backward and a forward taint analysis.  ...  A natural approach to taint analysis with the IFDS algorithm is to use the identifiers of variables as propagated taint facts.  ... 
doi:10.1145/2635868.2635878 dblp:conf/sigsoft/LerchHBM14 fatcat:rnqajudkcnb5rbwiisnaqwujoy

FlowDroid

Steven Arzt, Siegfried Rasthofer, Christian Fritz, Eric Bodden, Alexandre Bartel, Jacques Klein, Yves Le Traon, Damien Octeau, Patrick McDaniel
2013 Proceedings of the 35th ACM SIGPLAN Conference on Programming Language Design and Implementation - PLDI '14  
Acknowledgements We would like to thank Stephan Huber from Fraunhofer SIT for supporting us with real-world applications from the Google Play market and Dr.  ...  Karsten Sohr from TZI Bremen for supporting us with the Fortify SCA evaluation. Thanks to Marc-André Laverdière and others for contributions to our implementations of FLOWDROID, Soot and Heros.  ...  analysis Both the forward and backward analysis propagate access paths.  ... 
doi:10.1145/2594291.2594299 dblp:conf/pldi/ArztRFBBKTOM14 fatcat:frfecavut5b2rkey3iqteggxqi

FlowDroid

Steven Arzt, Siegfried Rasthofer, Christian Fritz, Eric Bodden, Alexandre Bartel, Jacques Klein, Yves Le Traon, Damien Octeau, Patrick McDaniel
2014 SIGPLAN notices  
Acknowledgements We would like to thank Stephan Huber from Fraunhofer SIT for supporting us with real-world applications from the Google Play market and Dr.  ...  Karsten Sohr from TZI Bremen for supporting us with the Fortify SCA evaluation. Thanks to Marc-André Laverdière and others for contributions to our implementations of FLOWDROID, Soot and Heros.  ...  analysis Both the forward and backward analysis propagate access paths.  ... 
doi:10.1145/2666356.2594299 fatcat:5llnrdegund33a6dmxvnkyrcga

The secret sauce in efficient and precise static analysis

Eric Bodden
2018 Companion Proceedings for the ISSTA/ECOOP 2018 Workshops on - ISSTA '18  
In particular, I argue that summary-based static-analysis techniques for distributive problems, such as IFDS, IDE and WPDS have been unduly under-appreciated.  ...  This breakthrough, along with the use of a demand-driven program-analysis design, has recently allowed us to implement practical static analysis tools such as the crypto-misuse checker CogniCrypt, which  ...  Much of the research described here was first and foremost conducted by a bright set of Ph.D. students and PostDocs I had the pleasure of working with, in particular: Johannes Späth, Lisa Nguyen Quang Do  ... 
doi:10.1145/3236454.3236500 dblp:conf/issta/Bodden18 fatcat:kqyal43tjjcp7lwwbzvn52lila

Just-in-time static analysis

Lisa Nguyen Quang Do, Karim Ali, Benjamin Livshits, Eric Bodden, Justin Smith, Emerson Murphy-Hill
2017 Proceedings of the 26th ACM SIGSOFT International Symposium on Software Testing and Analysis - ISSTA 2017  
We also present a general recipe for turning static data-flow analyses into JIT analyses through a concept of layered analysis execution illustrated through Cheetah, a JIT taint analysis for Android applications  ...  Furthermore, study participants consistently reported higher satisfaction levels with Cheetah compared to its traditional counterpart.  ...  Base Taint Analysis We next present the flow functions of the base IFDS analysis. We denote by stmt (α) the flow function of stmt applied to an access path α.  ... 
doi:10.1145/3092703.3092705 dblp:conf/issta/DoALBSM17 fatcat:df3zybnyx5f4rjuobasefqsp2m

A Qualitative Analysis of Android Taint-Analysis Results

Linghui Luo, Eric Bodden, Johannes Späth
2019 2019 34th IEEE/ACM International Conference on Automated Software Engineering (ASE)  
To unravel the exact nature of taint flows, we have designed COVA, an analysis tool to compute partial path constraints that inform about the circumstances under which taint flows may actually occur in  ...  In the past, researchers have developed a number of popular taint-analysis approaches, particularly in the context of Android applications.  ...  For a field-store assignment statement, i.e., n : x.a = y , an access-path based analysis has to add the indirectly aliasing access paths of x [1] and COVA relies on an on-demand alias analysis [36]  ... 
doi:10.1109/ase.2019.00020 dblp:conf/kbse/LuoBS19 fatcat:d2vokxxy7zgmpayrxbcvqepw6y

SPLLIFT

Eric Bodden, Társis Tolêdo, Márcio Ribeiro, Claus Brabrand, Paulo Borba, Mira Mezini
2013 Proceedings of the 34th ACM SIGPLAN conference on Programming language design and implementation - PLDI '13  
, finite, distributive, subset problems to an SPL-aware analysis formulated in the IDE framework, a well-known extension to IFDS.  ...  Using a full implementation based on Heros, Soot, CIDE and JavaBDD, we show that with SPL LIFT one can reuse IFDS-based analyses without changing a single line of code.  ...  Thanks to Phil Pratt-Szeliga and Marc-André Laverdière-Papineau, who provided help with analyzing J2ME MIDlets.  ... 
doi:10.1145/2491956.2491976 dblp:conf/pldi/BoddenTRBBM13 fatcat:avznic742zgztnic5k74x3cu2q

SPLLIFT

Eric Bodden, Társis Tolêdo, Márcio Ribeiro, Claus Brabrand, Paulo Borba, Mira Mezini
2013 SIGPLAN notices  
, finite, distributive, subset problems to an SPL-aware analysis formulated in the IDE framework, a well-known extension to IFDS.  ...  Using a full implementation based on Heros, Soot, CIDE and JavaBDD, we show that with SPL LIFT one can reuse IFDS-based analyses without changing a single line of code.  ...  Thanks to Phil Pratt-Szeliga and Marc-André Laverdière-Papineau, who provided help with analyzing J2ME MIDlets.  ... 
doi:10.1145/2499370.2491976 fatcat:dkuqm653pzdnzk4dkpta2y5fry

StubDroid

Steven Arzt, Eric Bodden
2016 Proceedings of the 38th International Conference on Software Engineering - ICSE '16  
Automated taint analyses address this problem by allowing users to detect and investigate how applications access and handle this data.  ...  A current problem with virtually all those analysis approaches is, though, that they rely on explicit models of the Android runtime library.  ...  It reports p.o1.d.* back to the taint analysis. Note that the rules directly create new taints on access paths.  ... 
doi:10.1145/2884781.2884816 dblp:conf/icse/ArztB16 fatcat:s3kinoa5tfdm5pzhx5x5oy3lfa

Industrial Experience of Finding Cryptographic Vulnerabilities in Large-scale Codebases [article]

Ya Xiao, Yang Zhao, Nicholas Allen, Nathan Keynes, Danfeng Yao, Cristina Cifuentes
2022 arXiv   pre-print
Enterprise environment often screens large-scale (millions of lines of code) codebases with static analysis tools to find bugs and vulnerabilities.  ...  We tackle this problem by specializing the backward dataflow analysis used in Parfait with refinement insights, an idea from the tool CryptoGuard.  ...  IFDS in Parfait. Parfait implements the data-flow analysis as well as the IFDS framework.  ... 
arXiv:2007.06122v2 fatcat:24pzr4icsva5taxnoo4m7rapsy

Andromeda: Accurate and Scalable Security Analysis of Web Applications [chapter]

Omer Tripp, Marco Pistoia, Patrick Cousot, Radhia Cousot, Salvatore Guarnieri
2013 Lecture Notes in Computer Science  
In this paper, we investigate a novel approach for enabling precise yet scalable static taint analysis.  ...  Static taint analysis enables deep and exhaustive tracking of suspicious data flows for detection of potential leakage and integrity violations, such as cross-site scripting (XSS), SQL injection (SQLi)  ...  Conclusion We have presented ANDROMEDA, a security-analysis algorithm featuring local, demand-driven tracking of vulnerable information flows.  ... 
doi:10.1007/978-3-642-37057-1_15 fatcat:vzvyutcwwreaviyips3rd4zlsm

PhASAR: An Inter-procedural Static Analysis Framework for C/C++ [chapter]

Philipp Dominik Schubert, Ben Hermann, Eric Bodden
2019 Lecture Notes in Computer Science  
PhASAR thus hides the complexity of static analysis behind a high-level API, making static program analysis more accessible and easy to use. PhASAR is available as an open-source project.  ...  Analyzing 12 real-world programs using a taint analysis written in PhASAR, we found PhASAR's abstractions and their implementations to provide a whole-program analysis that scales well to real-world programs  ...  The analysis acts as a baseline as it is the most efficient IFDS/IDE analysis that can possibly be implemented. T implements a taint analysis.  ... 
doi:10.1007/978-3-030-17465-1_22 fatcat:gu2ncouuzrcavbqaiihf5ol57i

Static Detection of Packet Injection Vulnerabilities

Qi Alfred Chen, Zhiyun Qian, Yunhan Jack Jia, Yuru Shao, Zhuoqing Morley Mao
2015 Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security - CCS '15  
If paths with weak constraints exist, a vulnerability may be revealed immediately.  ...  The analysis operates in two steps. First, it identifies the critical paths and constraints that lead to accepting an incoming packet.  ...  To achieve context sensitivity, our static taint analysis needs to be performed in an inter-procedural data flow analysis framework, with two major choices: IFDS/IDE framework [42, 44], and summary-based  ... 
doi:10.1145/2810103.2813643 dblp:conf/ccs/ChenQJSM15 fatcat:ygzuckqmrjbmxpusn3y7h2yq64