TY - GEN
T1 - Hybrid Pruning: Towards Precise Pointer and Taint Analysis
T2 - 19th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA 2022
AU - Das, Dipanjan
AU - Bose, Priyanka
AU - Machiry, Aravind
AU - Mariani, Sebastiano
AU - Shoshitaishvili, Yan
AU - Vigna, Giovanni
AU - Kruegel, Christopher
N1 - Funding Information:
Acknowledgements. We thank our shepherd Daniele Cono D’Elia and anonymous reviewers for their valuable feedback. This material is based upon work supported by ONR under Award No. N00014-17-1-2897.
Publisher Copyright:
© 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG.
PY - 2022
Y1 - 2022
N2 - Pointer and taint analyses are the building blocks for several other static analysis techniques. Unfortunately, these techniques frequently sacrifice precision in favor of scalability by over-approximating program behaviors. Scaling these analyses to real-world codebases written in memory-unsafe languages while retaining precision under the constraint of practical time and resource budgets is an open problem. In this paper, we present a novel technique called hybrid pruning, where we inject the information collected from a program’s dynamic trace, which is accurate by its very nature, into a static pointer or taint analysis system to enhance its precision. We also tackle the challenge of combining static and dynamic analyses, which operate in two different analysis domains, in order to make the interleaving possible. Finally, we show the usefulness of our approach by reducing the false positives emitted by a static vulnerability detector that consumes the improved points-to and taint information. On our dataset of 12 CGC and 8 real-world applications, our hybrid approach cuts down the warnings up to 21 % over vanilla static analysis, while reporting 19 out of 20 bugs in total.
AB - Pointer and taint analyses are the building blocks for several other static analysis techniques. Unfortunately, these techniques frequently sacrifice precision in favor of scalability by over-approximating program behaviors. Scaling these analyses to real-world codebases written in memory-unsafe languages while retaining precision under the constraint of practical time and resource budgets is an open problem. In this paper, we present a novel technique called hybrid pruning, where we inject the information collected from a program’s dynamic trace, which is accurate by its very nature, into a static pointer or taint analysis system to enhance its precision. We also tackle the challenge of combining static and dynamic analyses, which operate in two different analysis domains, in order to make the interleaving possible. Finally, we show the usefulness of our approach by reducing the false positives emitted by a static vulnerability detector that consumes the improved points-to and taint information. On our dataset of 12 CGC and 8 real-world applications, our hybrid approach cuts down the warnings up to 21 % over vanilla static analysis, while reporting 19 out of 20 bugs in total.
KW - Pointer analysis
KW - Static vulnerability detection
KW - Taint analysis
UR - http://www.scopus.com/inward/record.url?scp=85134288660&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85134288660&partnerID=8YFLogxK
U2 - 10.1007/978-3-031-09484-2_1
DO - 10.1007/978-3-031-09484-2_1
M3 - Conference contribution
AN - SCOPUS:85134288660
SN - 9783031094835
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 1
EP - 22
BT - Detection of Intrusions and Malware, and Vulnerability Assessment - 19th International Conference, DIMVA 2022, Proceedings
A2 - Cavallaro, Lorenzo
A2 - Gruss, Daniel
A2 - Pellegrino, Giancarlo
A2 - Giacinto, Giorgio
PB - Springer Science and Business Media Deutschland GmbH
Y2 - 29 June 2022 through 1 July 2022
ER -
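The abstract above describes the idea of hybrid pruning only at a high level: a static pointer analysis over-approximates, a dynamic trace is exact for the paths it executed, and the trace is used to narrow the static points-to facts that a taint-based vulnerability detector consumes. The following is an added illustration of that interplay on a toy pointer IR; it is not code from the paper or its authors, and the IR, the constructed trace, and the pruning rule (observed targets replace the static set at sites the trace covered, static set kept elsewhere) are simplifying assumptions chosen for the example, not the paper's algorithm.

```python
"""Toy illustration of hybrid pruning (constructed example, not the paper's code):
a flow-insensitive Andersen-style points-to analysis over a tiny pointer IR, a
recorded dynamic trace, and a pruning step that narrows the static points-to
sets before a taint check over sinks runs."""
from collections import defaultdict

# Toy IR (assumed for this example). Statements are (site, op, dst, src):
#   "addr": dst = &src    "copy": dst = src    "sink": *src reaches a dangerous sink
PROGRAM = [
    (1, "addr", "p", "buf_in"),  # p points to attacker-controlled input
    (2, "addr", "q", "buf_ok"),  # q points to a trusted buffer
    (3, "copy", "r", "p"),       # r = p  (executed first ...)
    (4, "copy", "r", "q"),       # r = q  (... then overwritten before the sink)
    (5, "sink", None, "r"),      # sink(*r): safe at run time, flagged by flow-insensitive analysis
    (6, "sink", None, "p"),      # sink(*p): real bug
    (7, "sink", None, "r"),      # sink(*r) on a path the trace never reached
]
TAINTED = {"buf_in"}  # objects whose contents come from an untrusted source


def andersen_points_to(program):
    """Flow-insensitive inclusion-based points-to analysis: seed with address-of
    facts and iterate the copy constraints to a fixpoint. Because statement order
    is ignored, r ends up pointing to both buffers (the over-approximation)."""
    pts = defaultdict(set)
    for _, op, dst, src in program:
        if op == "addr":
            pts[dst].add(src)
    changed = True
    while changed:
        changed = False
        for _, op, dst, src in program:
            if op == "copy" and not pts[src] <= pts[dst]:
                pts[dst] |= pts[src]
                changed = True
    return pts


# Constructed dynamic trace: for each executed site, the object each pointer
# variable held after the statement. Site 7 was never executed in any run.
TRACE = [
    (1, {"p": "buf_in"}),
    (2, {"p": "buf_in", "q": "buf_ok"}),
    (3, {"p": "buf_in", "q": "buf_ok", "r": "buf_in"}),
    (4, {"p": "buf_in", "q": "buf_ok", "r": "buf_ok"}),
    (5, {"p": "buf_in", "q": "buf_ok", "r": "buf_ok"}),
    (6, {"p": "buf_in", "q": "buf_ok", "r": "buf_ok"}),
]


def observed_targets(trace):
    """site -> var -> set of objects observed for var at that site across all runs."""
    obs = defaultdict(lambda: defaultdict(set))
    for site, env in trace:
        for var, obj in env.items():
            obs[site][var].add(obj)
    return obs


def hybrid_points_to_at(site, var, static_pts, obs):
    """Hybrid pruning rule assumed here: at a site the trace covered, keep only the
    targets actually observed there (dynamic facts are exact for executed paths);
    otherwise fall back to the static over-approximation. The price is that a
    target reachable only on an unexecuted path through a covered site is dropped,
    which is the precision-for-soundness trade the technique makes."""
    if site in obs and var in obs[site]:
        return set(obs[site][var])
    return set(static_pts[var])


def taint_warnings(program, static_pts, obs=None):
    """Report the sink sites that may consume a tainted object.
    obs=None runs the vanilla static check; passing a trace enables pruning."""
    warnings = []
    for site, op, _, src in program:
        if op != "sink":
            continue
        if obs is None:
            targets = static_pts[src]
        else:
            targets = hybrid_points_to_at(site, src, static_pts, obs)
        if targets & TAINTED:
            warnings.append(site)
    return warnings


def run():
    """Returns (static points-to sets, vanilla warnings, hybrid warnings)."""
    static_pts = andersen_points_to(PROGRAM)
    obs = observed_targets(TRACE)
    return static_pts, taint_warnings(PROGRAM, static_pts), taint_warnings(PROGRAM, static_pts, obs)


if __name__ == "__main__":
    pts, vanilla, hybrid = run()
    print({var: sorted(objs) for var, objs in pts.items()})
    print("vanilla warnings:", vanilla, "hybrid warnings:", hybrid)
```

Running it shows the vanilla analysis flagging all three sinks, while pruning removes the warning at site 5 (the trace shows r pointing at the trusted buffer there), keeps the real bug at site 6, and keeps the warning at site 7 because the trace never covered it, so only the static set is available. That fallback is the check a practitioner should insist on: pruning must only ever narrow facts at sites the trace actually observed, or the reduction in warnings comes out of missed bugs rather than false positives.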