Hybrid Pruning: Towards Precise Pointer and Taint Analysis

Dipanjan Das; Priyanka Bose; Aravind Machiry; Sebastiano Mariani; Yan Shoshitaishvili; Giovanni Vigna; Christopher Kruegel

doi:10.1007/978-3-031-09484-2_1

Hybrid Pruning: Towards Precise Pointer and Taint Analysis

Dipanjan Das, Priyanka Bose, Aravind Machiry, Sebastiano Mariani, Yan Shoshitaishvili, Giovanni Vigna, Christopher Kruegel

Engineering, Ira A. Fulton Schools of (IAFSE)

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

2 Scopus citations

Abstract

Pointer and taint analyses are the building blocks for several other static analysis techniques. Unfortunately, these techniques frequently sacrifice precision in favor of scalability by over-approximating program behaviors. Scaling these analyses to real-world codebases written in memory-unsafe languages while retaining precision under the constraint of practical time and resource budgets is an open problem. In this paper, we present a novel technique called hybrid pruning, where we inject the information collected from a program’s dynamic trace, which is accurate by its very nature, into a static pointer or taint analysis system to enhance its precision. We also tackle the challenge of combining static and dynamic analyses, which operate in two different analysis domains, in order to make the interleaving possible. Finally, we show the usefulness of our approach by reducing the false positives emitted by a static vulnerability detector that consumes the improved points-to and taint information. On our dataset of 12 CGC and 8 real-world applications, our hybrid approach cuts down the warnings up to 21 % over vanilla static analysis, while reporting 19 out of 20 bugs in total.

Original language	English (US)
Title of host publication	Detection of Intrusions and Malware, and Vulnerability Assessment - 19th International Conference, DIMVA 2022, Proceedings
Editors	Lorenzo Cavallaro, Daniel Gruss, Giancarlo Pellegrino, Giorgio Giacinto
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	1-22
Number of pages	22
ISBN (Print)	9783031094835
DOIs	https://doi.org/10.1007/978-3-031-09484-2_1
State	Published - 2022
Event	19th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA 2022 - Cagliari, Italy Duration: Jun 29 2022 → Jul 1 2022

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	13358 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	19th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA 2022
Country/Territory	Italy
City	Cagliari
Period	6/29/22 → 7/1/22

Keywords

Pointer analysis
Static vulnerability detection
Taint analysis

ASJC Scopus subject areas

Theoretical Computer Science
General Computer Science

Access to Document

10.1007/978-3-031-09484-2_1

Cite this

Das, D., Bose, P., Machiry, A., Mariani, S., Shoshitaishvili, Y., Vigna, G., & Kruegel, C. (2022). Hybrid Pruning: Towards Precise Pointer and Taint Analysis. In L. Cavallaro, D. Gruss, G. Pellegrino, & G. Giacinto (Eds.), Detection of Intrusions and Malware, and Vulnerability Assessment - 19th International Conference, DIMVA 2022, Proceedings (pp. 1-22). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 13358 LNCS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-031-09484-2_1

Hybrid Pruning: Towards Precise Pointer and Taint Analysis. / Das, Dipanjan; Bose, Priyanka; Machiry, Aravind et al.
Detection of Intrusions and Malware, and Vulnerability Assessment - 19th International Conference, DIMVA 2022, Proceedings. ed. / Lorenzo Cavallaro; Daniel Gruss; Giancarlo Pellegrino; Giorgio Giacinto. Springer Science and Business Media Deutschland GmbH, 2022. p. 1-22 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 13358 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Das, D, Bose, P, Machiry, A, Mariani, S, Shoshitaishvili, Y, Vigna, G & Kruegel, C 2022, Hybrid Pruning: Towards Precise Pointer and Taint Analysis. in L Cavallaro, D Gruss, G Pellegrino & G Giacinto (eds), Detection of Intrusions and Malware, and Vulnerability Assessment - 19th International Conference, DIMVA 2022, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 13358 LNCS, Springer Science and Business Media Deutschland GmbH, pp. 1-22, 19th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA 2022, Cagliari, Italy, 6/29/22. https://doi.org/10.1007/978-3-031-09484-2_1

Das D, Bose P, Machiry A, Mariani S, Shoshitaishvili Y, Vigna G et al. Hybrid Pruning: Towards Precise Pointer and Taint Analysis. In Cavallaro L, Gruss D, Pellegrino G, Giacinto G, editors, Detection of Intrusions and Malware, and Vulnerability Assessment - 19th International Conference, DIMVA 2022, Proceedings. Springer Science and Business Media Deutschland GmbH. 2022. p. 1-22. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-031-09484-2_1

Das, Dipanjan ; Bose, Priyanka ; Machiry, Aravind et al. / Hybrid Pruning : Towards Precise Pointer and Taint Analysis. Detection of Intrusions and Malware, and Vulnerability Assessment - 19th International Conference, DIMVA 2022, Proceedings. editor / Lorenzo Cavallaro ; Daniel Gruss ; Giancarlo Pellegrino ; Giorgio Giacinto. Springer Science and Business Media Deutschland GmbH, 2022. pp. 1-22 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{b527afcc8f8d44b1a867d0684a0bd458,

title = "Hybrid Pruning: Towards Precise Pointer and Taint Analysis",

abstract = "Pointer and taint analyses are the building blocks for several other static analysis techniques. Unfortunately, these techniques frequently sacrifice precision in favor of scalability by over-approximating program behaviors. Scaling these analyses to real-world codebases written in memory-unsafe languages while retaining precision under the constraint of practical time and resource budgets is an open problem. In this paper, we present a novel technique called hybrid pruning, where we inject the information collected from a program{\textquoteright}s dynamic trace, which is accurate by its very nature, into a static pointer or taint analysis system to enhance its precision. We also tackle the challenge of combining static and dynamic analyses, which operate in two different analysis domains, in order to make the interleaving possible. Finally, we show the usefulness of our approach by reducing the false positives emitted by a static vulnerability detector that consumes the improved points-to and taint information. On our dataset of 12 CGC and 8 real-world applications, our hybrid approach cuts down the warnings up to 21 % over vanilla static analysis, while reporting 19 out of 20 bugs in total.",

keywords = "Pointer analysis, Static vulnerability detection, Taint analysis",

author = "Dipanjan Das and Priyanka Bose and Aravind Machiry and Sebastiano Mariani and Yan Shoshitaishvili and Giovanni Vigna and Christopher Kruegel",

note = "Funding Information: Acknowledgements. We thank our shepherd Daniele Cono D{\textquoteright}Elia and anonymous reviewers for their valuable feedback. This material is based upon work supported by ONR under Award No. N00014-17-1-2897. Publisher Copyright: {\textcopyright} 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG.; 19th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA 2022 ; Conference date: 29-06-2022 Through 01-07-2022",

year = "2022",

doi = "10.1007/978-3-031-09484-2_1",

language = "English (US)",

isbn = "9783031094835",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "1--22",

editor = "Lorenzo Cavallaro and Daniel Gruss and Giancarlo Pellegrino and Giorgio Giacinto",

booktitle = "Detection of Intrusions and Malware, and Vulnerability Assessment - 19th International Conference, DIMVA 2022, Proceedings",

address = "Germany",

}

TY - GEN

T1 - Hybrid Pruning

T2 - 19th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA 2022

AU - Das, Dipanjan

AU - Bose, Priyanka

AU - Machiry, Aravind

AU - Mariani, Sebastiano

AU - Shoshitaishvili, Yan

AU - Vigna, Giovanni

AU - Kruegel, Christopher

N1 - Funding Information: Acknowledgements. We thank our shepherd Daniele Cono D’Elia and anonymous reviewers for their valuable feedback. This material is based upon work supported by ONR under Award No. N00014-17-1-2897. Publisher Copyright: © 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG.

PY - 2022

Y1 - 2022

N2 - Pointer and taint analyses are the building blocks for several other static analysis techniques. Unfortunately, these techniques frequently sacrifice precision in favor of scalability by over-approximating program behaviors. Scaling these analyses to real-world codebases written in memory-unsafe languages while retaining precision under the constraint of practical time and resource budgets is an open problem. In this paper, we present a novel technique called hybrid pruning, where we inject the information collected from a program’s dynamic trace, which is accurate by its very nature, into a static pointer or taint analysis system to enhance its precision. We also tackle the challenge of combining static and dynamic analyses, which operate in two different analysis domains, in order to make the interleaving possible. Finally, we show the usefulness of our approach by reducing the false positives emitted by a static vulnerability detector that consumes the improved points-to and taint information. On our dataset of 12 CGC and 8 real-world applications, our hybrid approach cuts down the warnings up to 21 % over vanilla static analysis, while reporting 19 out of 20 bugs in total.

AB - Pointer and taint analyses are the building blocks for several other static analysis techniques. Unfortunately, these techniques frequently sacrifice precision in favor of scalability by over-approximating program behaviors. Scaling these analyses to real-world codebases written in memory-unsafe languages while retaining precision under the constraint of practical time and resource budgets is an open problem. In this paper, we present a novel technique called hybrid pruning, where we inject the information collected from a program’s dynamic trace, which is accurate by its very nature, into a static pointer or taint analysis system to enhance its precision. We also tackle the challenge of combining static and dynamic analyses, which operate in two different analysis domains, in order to make the interleaving possible. Finally, we show the usefulness of our approach by reducing the false positives emitted by a static vulnerability detector that consumes the improved points-to and taint information. On our dataset of 12 CGC and 8 real-world applications, our hybrid approach cuts down the warnings up to 21 % over vanilla static analysis, while reporting 19 out of 20 bugs in total.

KW - Pointer analysis

KW - Static vulnerability detection

KW - Taint analysis

UR - http://www.scopus.com/inward/record.url?scp=85134288660&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85134288660&partnerID=8YFLogxK

U2 - 10.1007/978-3-031-09484-2_1

DO - 10.1007/978-3-031-09484-2_1

M3 - Conference contribution

AN - SCOPUS:85134288660

SN - 9783031094835

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 1

EP - 22

BT - Detection of Intrusions and Malware, and Vulnerability Assessment - 19th International Conference, DIMVA 2022, Proceedings

A2 - Cavallaro, Lorenzo

A2 - Gruss, Daniel

A2 - Pellegrino, Giancarlo

A2 - Giacinto, Giorgio

PB - Springer Science and Business Media Deutschland GmbH

Y2 - 29 June 2022 through 1 July 2022

ER -