IFDS Taint Analysis with Access Paths
[article]
2021
arXiv
pre-print
Similar to state-of-the-art approaches to taint analysis, our IFDS-based taint analysis uses access paths to abstract objects and fields in a program. ...
In this paper, we present our novel IFDS-based solution to perform fast and precise static taint analysis of very large industrial Java web applications. ...
Similar to recent work on IFDS-based static taint analysis [TPC+13, ARF+14], our analysis tracks taint through objects and fields by propagating access paths. ...
arXiv:2103.16240v1
fatcat:5r5qia4fjjablo32kwleyy3jey
Vulnerabilities Detection via Static Taint Analysis
2019
Proceedings of the Institute for System Programming of RAS
This tool is based on the Interprocedural Finite Distributive Subset (IFDS) algorithm and is able to perform interprocedural, context-sensitive, path-insensitive analysis of programs represented in LLVM ...
According to our research it is not possible to achieve good results using pure taint analysis, so together with several enhancements of existing techniques we propose to supplement it with additional ...
It demonstrates a possibility to perform taint analysis in terms of IFDS framework and also explains how to combine on-demand backward alias analysis with a regular forward taint analysis. ...
doi:10.15514/ispras-2019-31(3)-14
fatcat:4ukvhlrftndk5mhgklflbjpp2a
FlowTwist: efficient context-sensitive inside-out taint analysis for large codebases
2014
Proceedings of the 22nd ACM SIGSOFT International Symposium on Foundations of Software Engineering - FSE 2014
Experiments with the Java Class Library show that, while a simple forward taint-analysis approach does not scale even with much machine power, FlowTwist's algorithm is able to fully analyze the library ...
This inside-out analysis requires a careful, context-sensitive coordination of both a backward and a forward taint analysis. ...
A natural approach to taint analysis with the IFDS algorithm is to use the identifiers of variables as propagated taint facts. ...
doi:10.1145/2635868.2635878
dblp:conf/sigsoft/LerchHBM14
fatcat:rnqajudkcnb5rbwiisnaqwujoy
FlowDroid
2013
Proceedings of the 35th ACM SIGPLAN Conference on Programming Language Design and Implementation - PLDI '14
Acknowledgements We would like to thank Stephan Huber from Fraunhofer SIT for supporting us with real-world applications from the Google Play market and Dr. ...
Karsten Sohr from TZI Bremen for supporting us with the Fortify SCA evaluation. Thanks to Marc-André Laverdière and others for contributions to our implementations of FLOWDROID, Soot and Heros. ...
analysis Both the forward and backward analysis propagate access paths. ...
doi:10.1145/2594291.2594299
dblp:conf/pldi/ArztRFBBKTOM14
fatcat:frfecavut5b2rkey3iqteggxqi
FlowDroid
2014
SIGPLAN notices
Acknowledgements We would like to thank Stephan Huber from Fraunhofer SIT for supporting us with real-world applications from the Google Play market and Dr. ...
Karsten Sohr from TZI Bremen for supporting us with the Fortify SCA evaluation. Thanks to Marc-André Laverdière and others for contributions to our implementations of FLOWDROID, Soot and Heros. ...
analysis Both the forward and backward analysis propagate access paths. ...
doi:10.1145/2666356.2594299
fatcat:5llnrdegund33a6dmxvnkyrcga
The secret sauce in efficient and precise static analysis
2018
Companion Proceedings for the ISSTA/ECOOP 2018 Workshops on - ISSTA '18
In particular, I argue that summary-based static-analysis techniques for distributive problems, such as IFDS, IDE and WPDS have been unduly under-appreciated. ...
This breakthrough, along with the use of a demand-driven program-analysis design, has recently allowed us to implement practical static analysis tools such as the crypto-misuse checker CogniCrypt, which ...
Much of the research described here was first and foremost conducted by a bright set of Ph.D. students and PostDocs I had the pleasure of working with, in particular: Johannes Späth, Lisa Nguyen Quang Do ...
doi:10.1145/3236454.3236500
dblp:conf/issta/Bodden18
fatcat:kqyal43tjjcp7lwwbzvn52lila
Just-in-time static analysis
2017
Proceedings of the 26th ACM SIGSOFT International Symposium on Software Testing and Analysis - ISSTA 2017
We also present a general recipe for turning static data-flow analyses into JIT analyses through a concept of layered analysis execution illustrated through Cheetah, a JIT taint analysis for Android applications ...
Furthermore, study participants consistently reported higher satisfaction levels with Cheetah compared to its traditional counterpart. ...
Base Taint Analysis We next present the flow functions of the base IFDS analysis. We denote by stmt (α) the flow function of stmt applied to an access path α. ...
doi:10.1145/3092703.3092705
dblp:conf/issta/DoALBSM17
fatcat:df3zybnyx5f4rjuobasefqsp2m
A Qualitative Analysis of Android Taint-Analysis Results
2019
2019 34th IEEE/ACM International Conference on Automated Software Engineering (ASE)
To unravel the exact nature of taint flows, we have designed COVA, an analysis tool to compute partial path constraints that inform about the circumstances under which taint flows may actually occur in ...
In the past, researchers have developed a number of popular taint-analysis approaches, particularly in the context of Android applications. ...
For a field-store assignment statement, i.e., n: x.a = y, an access-path based analysis has to add the indirectly aliasing access paths of x [1] and COVA relies on an on-demand alias analysis [36] ...
doi:10.1109/ase.2019.00020
dblp:conf/kbse/LuoBS19
fatcat:d2vokxxy7zgmpayrxbcvqepw6y
SPLLIFT
2013
Proceedings of the 34th ACM SIGPLAN conference on Programming language design and implementation - PLDI '13
, finite, distributive, subset problems to an SPL-aware analysis formulated in the IDE framework, a well-known extension to IFDS. ...
Using a full implementation based on Heros, Soot, CIDE and JavaBDD, we show that with SPL LIFT one can reuse IFDS-based analyses without changing a single line of code. ...
Thanks to Phil Pratt-Szeliga and Marc-André Laverdière-Papineau, who provided help with analyzing J2ME MIDlets. ...
doi:10.1145/2491956.2491976
dblp:conf/pldi/BoddenTRBBM13
fatcat:avznic742zgztnic5k74x3cu2q
SPLLIFT
2013
SIGPLAN notices
, finite, distributive, subset problems to an SPL-aware analysis formulated in the IDE framework, a well-known extension to IFDS. ...
Using a full implementation based on Heros, Soot, CIDE and JavaBDD, we show that with SPL LIFT one can reuse IFDS-based analyses without changing a single line of code. ...
Thanks to Phil Pratt-Szeliga and Marc-André Laverdière-Papineau, who provided help with analyzing J2ME MIDlets. ...
doi:10.1145/2499370.2491976
fatcat:dkuqm653pzdnzk4dkpta2y5fry
Automated taint analyses address this problem by allowing users to detect and investigate how applications access and handle this data. ...
A current problem with virtually all those analysis approaches is, though, that they rely on explicit models of the Android runtime library. ...
It reports p.o1.d.* back to the taint analysis. Note that the rules directly create new taints on access paths. ...
doi:10.1145/2884781.2884816
dblp:conf/icse/ArztB16
fatcat:s3kinoa5tfdm5pzhx5x5oy3lfa
Industrial Experience of Finding Cryptographic Vulnerabilities in Large-scale Codebases
[article]
2022
arXiv
pre-print
Enterprise environment often screens large-scale (millions of lines of code) codebases with static analysis tools to find bugs and vulnerabilities. ...
We tackle this problem by specializing the backward dataflow analysis used in Parfait with refinement insights, an idea from the tool CryptoGuard. ...
IFDS in Parfait. Parfait implements the data-flow analysis as well as the IFDS framework. ...
arXiv:2007.06122v2
fatcat:24pzr4icsva5taxnoo4m7rapsy
Andromeda: Accurate and Scalable Security Analysis of Web Applications
[chapter]
2013
Lecture Notes in Computer Science
In this paper, we investigate a novel approach for enabling precise yet scalable static taint analysis. ...
Static taint analysis enables deep and exhaustive tracking of suspicious data flows for detection of potential leakage and integrity violations, such as cross-site scripting (XSS), SQL injection (SQLi) ...
Conclusion We have presented ANDROMEDA, a security-analysis algorithm featuring local, demand-driven tracking of vulnerable information flows. ...
doi:10.1007/978-3-642-37057-1_15
fatcat:vzvyutcwwreaviyips3rd4zlsm
PhASAR: An Inter-procedural Static Analysis Framework for C/C++
[chapter]
2019
Lecture Notes in Computer Science
PhASAR thus hides the complexity of static analysis behind a high-level API, making static program analysis more accessible and easy to use. PhASAR is available as an open-source project. ...
Analyzing 12 real-world programs using a taint analysis written in PhASAR, we found PhASAR's abstractions and their implementations to provide a whole-program analysis that scales well to real-world programs ...
The analysis acts as a baseline as it is the most efficient IFDS/IDE analysis that can possibly be implemented. T implements a taint analysis. ...
doi:10.1007/978-3-030-17465-1_22
fatcat:gu2ncouuzrcavbqaiihf5ol57i
Static Detection of Packet Injection Vulnerabilities
2015
Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security - CCS '15
If paths with weak constraints exist, a vulnerability may be revealed immediately. ...
The analysis operates in two steps. First, it identifies the critical paths and constraints that lead to accepting an incoming packet. ...
To achieve context sensitivity, our static taint analysis needs to be performed in an inter-procedural data flow analysis framework, with two major choices: IFDS/IDE framework [42, 44], and summary-based ...
doi:10.1145/2810103.2813643
dblp:conf/ccs/ChenQJSM15
fatcat:ygzuckqmrjbmxpusn3y7h2yq64