SwordDTA: A dynamic taint analysis tool for software vulnerability detection

Cai, Jun; Zou, Peng; Ma, Jun; He, Jun

doi:10.1007/s11859-016-1133-1

Cited by 19 publications

(7 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…As principais ferramentas encontradas na revisão sistemática, listadas na Tabela 4, trazem funcionalidades voltadas ao teste de seguranc ¸a, como o teste de invasão e análise estática [Cai et al 2016, Nunes et al 2018, Trunde and Weippl 2015. Ao todo foram selecionados 21 artigos para esta subsec ¸ão.…”

Section: Ferramentas E Frameworkunclassified

Desenvolvimento Seguro de Sistemas Web: Uma Revisão Sistemática

Malacarne

Camargo

2021

Anais Da v Escola Regional De Engenharia De Software (ERES 2021)

View full text Add to dashboard Cite

O objetivo deste trabalho é apresentar uma revisão sistemática sobre o desenvolvimento de aplicações Web a partir das principais vulnerabilidades de segurança encontradas na lista OWASP TOP10. Esta revisão sistemática visa identificar pesquisas, ferramentas e metodologias que proporcionam formas seguras de desenvolver sistemas Web. Inicialmente foram encontrados 165 trabalhos, sendo desses 89 selecionados como relevantes. Resultados apresentam os trabalhos que tratam das principais vulnerabilidades descritas na OWASP TOP 10, e as principais ferramentas e métodos para projeto e desenvolvimento de um software seguro.

show abstract

Section: Ferramentas E Frameworkunclassified

Desenvolvimento Seguro de Sistemas Web: Uma Revisão Sistemática

Malacarne

Camargo

2021

Anais Da v Escola Regional De Engenharia De Software (ERES 2021)

View full text Add to dashboard Cite

show abstract

“…Therefore, the concatenated String value is tainted and when it used as input to eval the instrumentation throws an error to prevent the code it contains from being executed. Dynamic taint analysis also has applications to vulnerability detection in binaries [20], attack prevention [32,37,47,54,56,57,64,68], malware analysis [28,46,49,65,67], fuzz-testing [21,22,30,34], debugging [24], program comprehension [44,45,66], reverse engineering [19,25,27], and other fields.…”

Section: Dynamic Taint Analysismentioning

confidence: 99%

“…The operator, such as + or !, is provided as metadata by the instrumented node. Some taint analysis applications, such as Cai et al [20], require this metadata to determine, e.g., whether an overflow occurred in the operation. Furthermore, it is not uncommon in low-level taint analyses to drop taint when, e.g., a value is XOR'd with itself or ANDed with a constant 0.…”

Section: Propagation Semanticsmentioning

confidence: 99%

“…Dynamic taint analysis has been used extensively to tackle problems of various fields [55]. For example, by tainting data from untrusted sources such as user input such data can be prevented from being used in program locations at which code injection vulnerabilities may occur [20,46]. However, previous implementations of dynamic taint analysis are all limited to a single programming language or program representation, and therefore fail to propagate taint when data crosses language boundaries.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Multi-language dynamic taint analysis in a polyglot virtual machine

Kreindl¹,

Bonetta

Leopoldseder³

et al. 2020

Proceedings of the 17th International Conference on Managed Programming Languages and Runtimes

View full text Add to dashboard Cite

Dynamic taint analysis is a popular program analysis technique in which sensitive data is marked as tainted and the propagation of tainted data is tracked in order to determine whether that data reaches critical program locations. This analysis technique has been successfully applied to software vulnerability detection, malware analysis, testing and debugging, and many other fields. However, existing approaches of dynamic taint analysis are either languagespecific or they target native code. Neither is suitable for analyzing applications in which high-level dynamic languages such as JavaScript and low-level languages such as C interact. In these approaches, the language boundary forms an opaque barrier that prevents a sound analysis of data flow in the other language and can thus lead to the analysis being evaded.In this paper we introduce TruffleTaint, a platform for multilanguage dynamic taint analysis that uses language-independent techniques for propagating taint labels to overcome the language boundary but still allows for language-specific taint propagation rules. Based on the Truffle framework for implementing runtimes for programming languages, TruffleTaint supports propagating taint in and between a selection of dynamic and low-level programming languages and can be easily extended to support additional languages. We demonstrate TruffleTaint's propagation capabilities and evaluate its performance using several benchmarks from the Computer Language Benchmarks Game, which we implemented as combinations of C, JavaScript and Python code and which we adapted to propagate taint in various scenarios of language interaction. Our evaluation shows that TruffleTaint causes low to zero slowdown when no taint is introduced, rivaling state-of-the-art dynamic taint analysis platforms, and only up to ∼40x slowdown when taint is introduced.

show abstract

“…SwordDTA [20] proposed by CAJ Jun detects malware through vulnerability modeling and taint propagation. For mobile Atlantis Highlights in Engineering, volume 3 malware detection, Y Aafer proposed DroidAPIMiner [21] to extract the relevant functions of the captured API-level malware.…”

Section: F Malware Detectionmentioning

confidence: 99%

A Review of Researching on Dynamic Taint Analysis Technique

Dai¹,

Pan²,

Li³

2018

Proceedings of the 2018 3rd Joint International Information Technology，Mechanical and Electronic Engineering Conference (JIMEC

View full text Add to dashboard Cite

Taint analysis technique is the key technique means for analyzing the robustness of programs and vulnerability mining. By marking the data which are sensitive or untrusted, one can observe the flow of these tainted data during program execution, then determine whether the marked data affects the key nodes of the program. According to the implementation mechanism, the taint analysis can be divided into static taint analysis and dynamic taint analysis. As an auxiliary technique, it can be combined with mainstream vulnerability mining techniques such as fuzzing test and symbol execution, playing a great role in test case construction and path feasibility analysis. This article firstly introduces the basic concepts of dynamic taint analysis technique. Second, it focuses on the process of dynamic taint marking, propagation and detection. Then it summarizes the main defects in taint analysis and the application status of dynamic taint analysis technique. Finally, it is compared with the current mainstream taint analysis tools and explores the future trends of taint analysis technique.

show abstract

SwordDTA: A dynamic taint analysis tool for software vulnerability detection

Cited by 19 publications

References 9 publications

Desenvolvimento Seguro de Sistemas Web: Uma Revisão Sistemática

Desenvolvimento Seguro de Sistemas Web: Uma Revisão Sistemática

Multi-language dynamic taint analysis in a polyglot virtual machine

A Review of Researching on Dynamic Taint Analysis Technique

Contact Info

Product

Resources

About