Vulnerabilities Detection via Static Taint Analysis
Authors
Abstract
Similar resources
Static analysis for detecting taint-style vulnerabilities in web applications
The number and the importance of web applications have increased rapidly over the last years. At the same time, the quantity and impact of security vulnerabilities in such applications have grown as well. Since manual code reviews are time-consuming, error-prone and costly, the need for automated solutions has become evident. In this paper, we address the problem of vulnerable web applications ...
Static Exploration of Taint-Style Vulnerabilities Found by Fuzzing
Taint-style vulnerabilities comprise a majority of fuzzer discovered program faults. These vulnerabilities usually manifest as memory access violations caused by tainted program input. Although fuzzers have helped uncover a majority of taint-style vulnerabilities in software to date, they are limited by (i) extent of test coverage; and (ii) the availability of fuzzable test cases. Therefore, fu...
Android Privacy Leak Detection via Dynamic Taint Analysis
Android is a popular Linux-based smartphone operating system designed by Google. One of the primary advantages of Android is its relatively high level of security, centered on Unix processes and an explicit permissions system. Unfortunately, Android devices are still vulnerable to several types of attacks, a particularly concerning one being privacy leaks. Since devices store a large amount of s...
Intrusion Detection via Static Analysis
One of the primary challenges in intrusion detection is modelling typical application behavior, so that we can recognize attacks by their atypical effects without raising too many false alarms. We show how static analysis may be used to automatically derive a model of application behavior. The result is a host-based intrusion detection system with three advantages: a high degree of automation, ...
Privacy Assessment Using Static Taint Analysis (Tool Paper)
When developing and maintaining distributed systems, auditing privacy properties gains more and more relevance. Nevertheless, this task is lacking support of automated tools and, hence, is mostly carried out manually. We present a formal approach which enables auditors to model the flow of critical data in order to shed new light on a system and to automatically verify given privacy constraints...
Journal
Journal title: Proceedings of the Institute for System Programming of the RAS
Year: 2019
ISSN: 2079-8156, 2220-6426
DOI: 10.15514/ispras-2019-31(3)-14