Type-based dynamic taint analysis technology

Jianwei Zhuge, Libo Chen, Fan Tian, Youzhi Bao, Xun Lu

Research output: Contribution to journalArticlepeer-review

6 Scopus citations

Abstract

A type-based dynamic taint analysis (DTA) was developed to provide binary-level with semantic analyses to detect software vulnerabilities. The system marks input variables as tainted and adds types and symbol values as attributes to the taints. Type information within functions and instructions is used to track the propagation of tainted variables. Type-aware taint propagation and type-oriented forward symbolic execution are used to get the propagation maps for the tainted variables and path conditions, which are used to calculate desired constraints on the inputs. Thus, the system knows the propagation mechanisms of the input variables in the data flow as well as their impact in the control flow, which leads to a better understanding of the vulnerability semantics. This technology is applied here to analyze a browser-based vulnerability using dynamic binary instrumentation to inject the analysis codes into the target process to dynamically analyze the tainting. The detection checks whether the process illegally uses the tainted data. The result is combined with symbolic execution to calculate the input constraints. The information for both data and control flow dependencies embedded in the vulnerability signatures can be identified. Tests on seven known vulnerabilities show that the typed DTA significantly improves the semantics for the analysis of vulnerability mechanisms and produces more comprehensible and usable vulnerability signatures.

Original languageEnglish (US)
Pages (from-to)1320-1328+1334
JournalQinghua Daxue Xuebao/Journal of Tsinghua University
Volume52
Issue number10
StatePublished - Oct 2012
Externally publishedYes

Keywords

  • Dynamic taint analysis (DTA)
  • Software vulnerabilities
  • Symbolic execution
  • Taint propagation
  • Type information
  • Vulnerability signatures

ASJC Scopus subject areas

  • General Engineering
  • Computer Science Applications
  • Applied Mathematics

Fingerprint

Dive into the research topics of 'Type-based dynamic taint analysis technology'. Together they form a unique fingerprint.

Cite this