Li Fang Han,Ting,Kun Lun Gao,Nan Liu,Bao Jiang Cui

DOI: https://doi.org/10.4028/www.scientific.net/amm.602-605.3846

2014-01-01

Applied Mechanics and Materials

Abstract:Java applications have proliferated rapidly in recent years, and the security issue in the source code seems to bring a great threat which cannot be ignored. SQL injection and cross-site scripting vulnerabilities, path traversal, and so on are common Java security vulnerabilities. These vulnerabilities are usually caused by improper handling of user input and we call them input validation vulnerabilities [1].In this paper, we propose a Java source code analysis method based on the taint tracking. By means of vulnerability pattern match, we keep track of the introduction of tainted data and its propagation in different contexts, leading to comprehensive and accurate test results. Actually, we have applied this method to some of the open-source Java projects. Compared to other similar software, our technique presents good feasibility and superiority.

Zhi-yuan WAN,Bo ZHOU

DOI: https://doi.org/10.3785/j.issn.1008-973x.2015.04.011

2015-01-01

Abstract:An approach based on static information flow tracking was proposed to detect input validation vulnerabilities in order to reduce the false positive rate of vulnerability detection techniques based on static analysis.The approach was implemented on top of the static code analysis tool FindBugs.The performance and precision of our approach were evaluated.Experimental results show that our approach can effectively detect input validation vulnerabilities.The false positive rate of FindBugs was reduced by 55.7% without significantly slowing the performance.

Heping Tang,Shuguang Huang,Yongliang Li,Lei Bao

DOI: https://doi.org/10.1109/ICCET.2010.5485224

2010-01-01

Abstract:Untrusted Data originating from network input and configuration files, causes many software security problems. Keeping track of the propagation of untrusted data in program runtime is the main idea of dynamic taint analysis for vulnerability exploits detection. In this method data from network user input and configuration files were labeled as taint. In virtue of data flow analysis we design taint propagating algorithm, and define several taint detection policies for security-critical function which used taint data in dangerous ways that could cause vulnerability exploit. A vulnerability exploit detection prototype system was implemented. In contrast to other taint analysis systems, our prototype system has higher accuracy and vulnerability exploits coverage and low workloads.

Yifei Xiao,Dahai Jin,Dalin Zhang

DOI: https://doi.org/10.2991/icmmcce-15.2015.435

2015-01-01

Abstract:In the modern society, with the high-speed development of computer science and technology, the wave of the Internet economy is around the world, the use of computer software in every corner of our lives, various applications emerge in endlessly, people pay more and more attention on software security. Tainted data which comes from the external input variables and has been used by some function without detection of legitimacy is a kind of code security defect. In this paper, the author provides a detailed analysis and classification on the cause of the security defect, and introduces a method of tainted data detection based on static code analysis. The detection method preprocesses the code firstly to create abstract syntax tree, symbol table, control flow graph and function call graph. To analysis the relationship between the function calls, the author uses the function summary instead of expansion of the functions. In the last, by using this method to detect some open source projects, the experiment shows that this method has both lower positive rate and negative rate.

Ruoyu Zhang,Shiqiu Huang,Zhengwei Qi,Haibing Guan

DOI: https://doi.org/10.1016/j.camwa.2011.08.001

IF: 3.218

2012-01-01

Computers & Mathematics with Applications

Abstract:The evolution of computer science has exposed us to the growing gravity of security problems and threats. Dynamic taint analysis is a prevalent approach to protect a program from malicious behaviors, but fails to provide any information about the code which is not executed. This paper describes a novel approach to overcome the limitation of traditional dynamic taint analysis by integrating static analysis into the system and presents framework SDCF to detect software vulnerabilities with high code coverage. Our experiments show that SDCF is not only able to provide efficient runtime protection by introducing an overhead of 4.16× based on the taint tracing technique, but is also capable of discovering latent software vulnerabilities which have not been exploited, and achieve code coverage of more than 90%.

唐和平,黄曙光,张亮

DOI: https://doi.org/10.3969/j.issn.1002-137x.2010.07.036

2010-01-01

Computer Science

Abstract:Untrusted data originating from network user input and configuration files,causes many software security problems,when operated by security-critical function without strict data validation.Keeping track of the propagation of untrusted data is the main idea of dynamic taint analysis for vulnerability exploits detection.Data derived from network user input and configuration files were labeled as taint.Executed taint propagating algorithm by virtue of data flow analysis,and carried out several taint detection policies for each security-critical function.A vulnerability exploits detection prototype system was implemented on open source emulator and many optimization mechanisms were deployed.

Bo Shuai,Mengjun Li,Haifeng Li,Quan Zhang,Chaojing Tang

DOI: https://doi.org/10.1109/CECNet.2013.6703400

2013-01-01

Abstract:In order to solve the problems of traditional Fuzzing technique for software vulnerability detection, this paper proposes a novel method based on genetic algorithm and dynamic taint analysis. First, static analysis is applied to calculate the critical path information, including danger functions, high cyclomatic number functions and loop structures. Second, dynamic taint analysis is introduced to identify the key bytes to reduce the input space. Third, the genetic algorithm fitness function is constructed based on the critical path information to guide the test case generation and the genetic operators are executed on the reduced input space. Experiments show that the method could obtain higher vulnerability detection accuracy and efficiency.

TANG He-ping,HUANG Shu-guang,ZHANG Liang

2010-01-01

Abstract:Software vulnerabilities have become an omnipresent and dangerous threat to network security.Vulnerability Exploits Detection is proposed to take active defense measures to monitor system state and cut exploit data sources off or terminate program execution before exploitation.Taint analysis for vulnerability exploits detection is composed of taint propagation link,taint propagation,taint analysis and taint track.A Vulnerability exploits detection prototype system was implemented by emulator and many optimization mechanisms.In contrast to the experiment result of other taint analysis systems,our prototype system has higher accuracy and vulnerability exploits coverage.

Zhang Xing,Zhang Bin,Feng Chao,Zhang Quan

DOI: https://doi.org/10.1051/itmconf/20160703003

2016-01-01

ITM Web of Conferences

Abstract:Nowadays binary static analysis uses dangerous system library function to detect stack overflow vulnerary in program and there is no effective way to dig out the function which can cause stack overflow issue. List necessarily characteristics of the function which may cause stack overflow vulnerary and define stack overflow dangerous function(SODF). Then introduce static taint analysis to detect SODF include taint introduction, taint propagation and taint checking stragety. Next describe the particular process of detecting SODF in the program with static taint analysis. Finally choose 4 runtime library and 2 binary software, and detect whether the chosen software has SODF and locate the name of SODF with static taint analysis. Testing result shows that the algorithm can detect and locate plenty of SODF in test program which means the algorithm can work efficiently.

Liu Xingbo,Li Yuanlin,Yu mingjun,Zheng Yan,Yu Jinlong,Guo Yunfeng,Kong Huafeng,Qiang Weizhong

DOI: https://doi.org/10.3969/j.issn.1000-386x.2022.11.045

2022-01-01

Abstract:Taint analysis technology is an important technical means for vulnerability detection. Due to the lack of additional information at runtime, using static taint analysis technology to detect code will produce many false positives. Based on the taint analysis technology, this paper proposes a more fine-grained taint analysis method for Web vulnerabilities. A more accurate object status record was generated during code analysis. The execution path of the code was judged and the stain and sink transfer processes were accurately recorded, which effectively reduced over-pollution and under-pollution. The symbol execution tool was used to verify the reachability of the vulnerability location, and some false vulnerability warnings could be eliminated, which effectively reduced the false positive and false negative rates.

KONG De-guang,ZHENG Quan,CHEN Chao,SHUAI Jian-mei,ZHU Ming,DAI Wei

2008-01-01

Abstract:To cope with the problem of high false positives and false negatives in source code static analysis methods,this paper presents a source code static analysis technology for vulnerability detection based on data fusion.This technology interprets and makes data fusion on the outcome of different static analysis methods,which greatly decrease the false positives and false negatives.A prototype system of scalable source code analysis tool is designed and implemented which can automatically search for the best result based on feedback of the users.It is proved by experiment that this method has a better performance with lower false positives and false negatives compared with one single method.

Weina Niu,Xiaosong Zhang,Xiaojiang Du,Lingyuan Zhao,Rong Cao,Mohsen Guizani

DOI: https://doi.org/10.1016/j.measurement.2019.107139

IF: 5.6

2019-01-01

Measurement

Abstract:Computer system vulnerabilities, computer viruses, and cyber attacks are rooted in software vulnerabilities. Reducing software defects, improving software reliability and security are urgent problems in the development of software. The core content is the discovery and location of software vulnerability. However, traditional human experts-based approaches are labor-consuming and time-consuming. Thus, some automatic detection approaches are proposed to solve the problem. But, they have a high false negative rate. In this paper, a deep learning based static taint analysis approach is proposed to automatically locate Internet of Things (IoT) software vulnerability, which can relieve tedious manual analysis and improve detection accuracy. Deep learning is used to detect vulnerability since it considers the program context. Firstly, the taint from the difference file between the source program and its patched program selection rules are designed. Secondly, the taint propagation paths are got using static taint analysis. Finally, the detection model based on two-stage Bidirectional Long Short Term Memory (BLSTM) is applied to discover and locate software vulnerabilities. The Code Gadget Database is used to evaluate the proposed approach, which includes two types of vulnerabilities in C/C++ programs, buffer error vulnerability (CWE-119) and resource management error vulnerability (CWE-399). Experimental results show that our proposed approach can achieve an accuracy of 0.9732 for CWE-119 and 0.9721 for CWE-399, which is higher than that of the other three models (the accuracy of RNN, LSTM, and BLSTM is under than 0.97) and achieve a lower false negative rate and false positive rate than the other approaches. (C) 2019 Published by Elsevier Ltd.

Jingling Zhao,Junxin Qi,Liang Zhou,Baojiang Cui

DOI: https://doi.org/10.1109/IMIS.2016.46

2016-01-01

Abstract:With the continuous development of J2EE technology, frequent attacks using security vulnerabilities in web applications have caused enormous economic loss to the users. Dynamic taint tracking is an important part to analyze the program dynamically. In this paper, we put forward a new dynamic solution in the Java virtual machine, warning external attacks and recording specific taint propagation path. This scheme combines static analysis techniques to collect reachable "source-derivation-sink" taint flow and reduce the runtime overhead. With the help of AOP (aspect-oriented programming) technology, we could only insert monitor codes to interested taint paths to improve the efficiency of instrumentation. Finally, we implemented this dynamic taint tracking approach to explore SQL injection and XSS vulnerabilities in web applications based on the Java Servlet Specification and proved practicality.

Zhang Tao,Chen Xiarun,Chen Zhong

DOI: https://doi.org/10.1109/ICIPCA59209.2023.10257912

2023-01-01

Abstract:As the Internet environment becomes increasingly complex, network security gradually has more and more impact on people's real life. The research on static vulnerability detection is of great significance to the security of software systems. To solve the problems of imperfect technical support for basic analysis and high false alarm rate in the current mainstream static vulnerability detection methods, we design a vulnerability detection method based on taint value range propagation analysis, combining data flow analysis and abstract interpretation to achieve cross-functional variable value range analysis, and combining the identification and analysis of data security checks to achieve an automated vulnerability detection system prototype—RVDetecor, with good performance and detection, and applicable to real-world scenarios. In its analysis of the Linux kernel source code, RVDetecor verified 15 fixed issues.

Kai Cao,Jing He,Wenqing Fan,Wei Huang,Lei Chen,Yue Pan

DOI: https://doi.org/10.1109/icrito.2017.8342466

2017-01-01

Abstract:To detect the vulnerabilities of Web applications which based on the PHP scripting language. This paper proposes a PHP vulnerability detection method based on fine-grained taint analysis algorithm. First of all, this article generates the Abstract Syntax Tree by lexical and grammatical analysis on the PHP, and then produces the corresponding Control Flow Graph. At last, performing taint analysis on the Control Flow Graph. By tracking the program parameters, variables and other external input, marking the input type, propagating to various types of vulnerability function via the taint, and finally according to the tainted types of variable which are outputted to identify the vulnerabilities. We tested 16 programs of Damm Vulnerable Web App and found nine known vulnerabilities.

Yanhui Guo,Lin Yang,Xiaomeng Gao,Kun Wu

DOI: https://doi.org/10.1109/ICNIDC.2016.7974582

2016-01-01

Abstract:With the increasingly rampant malicious attacks of Android terminal, this paper proposes a detection technology of Android platform source code security based on static analysis. The technology uses the existing static analysis technology of Java source code, and joins Android implicit methods invocation processing, at last gets the control flow graph and data flow graph. which are based on Android source code and have no breakpoint. The technology analysis the malicious behavior of Android source code depending on the information flow graph. and then get the main loophole and flaw existed in Android project. Using this technology to detect multiple open source Android projects, the experimental results show that this technology can effectively detect the main loophole and flaw existing in Android source code. What's more, the technology can display complete attack path, which is convenient for developers to modify and maintain the project. Therefore, this technology has high practical value.

Hui HUANG,Yuliang LU,Lintao LIU,Jun ZHAO

DOI: https://doi.org/10.3969/j.issn.0253-2778.2015.07.006

2015-01-01

Journal of University of Science and Technology of China

Abstract:Limited by incomplete call graph analysis and path feasibility analysis ,current static integer overflow defect detection methods generally return results with high false positives . To reduce this inefficiency ,aiming at automatic exploration of the external input triggering integer overflow defects ,a new source code oriented detection method was proposed combining call graph analysis , static taint analysis and static symbolic execution ,in which a field‐sensitive and flow‐sensitive pointer analysis method was proposed for constructing an over‐approximation of the target program’s real call graph ,with a static taint‐sink propagation analysis carried out for calculating the potential external input reachable integer overflow defects , on which flow‐sensitive static symbolic execution is conducted to reduce the false positives introduced by the detection system through justifying the satisfiability of the corresponding defect constraint . Experiments prove the effectiveness of the methodin real‐world integer overflow defect detection and false alarm reduction .

LIU Zhi,ZHANG Xiao-song

DOI: https://doi.org/10.3969/j.issn.1000-1220.2012.01.009

2012-01-01

Abstract:Black-box based fuzzing is the major technique of discovering vulnerability,but it is quite ineffective and cannot analyze unknown input formats.Using taint analysis,we propose a new method of discovering vulnerability targeted at file-reading applications.It locates bytes in input that direct execution to vulnerable points,which will be mutated to generate new test cases;signatures are generated via vulnerability information.We implemented a proof-of-concept system with instrumentation tools and evaluated three real-world vulnerabilities.Experiment results show our approach is able to effectively find vulnerabilities with much fewer test cases,being independent of input formats,and signatures have low false positives and false negatives.

JiaYu Li,Ye Yao,Yian Zhu,Mutitaba,Yongkai Zhang,Hang Li

DOI: https://doi.org/10.1109/icnisc60562.2023.00011

2023-01-01

Abstract:The paper presented and implemented a C-Scanner source code vulnerability detection tool, which can solve the buffer overflow problem. The main idea was to rewrite the source code of a C or C++, so that the resulting code contained the safe version of the old vulnerable functions, which may contain a buffer overflow security problem. If rewriting was not possible, due to some reasons, a warning was issued along with a hint to solve the problem if it was possible. C-Scanner in this paper took the C or C++ source code as input, and then it did a parsing process. Every time it encountered a vulnerable function call, it classified this function call. If this function call was belonging to a category of its interest, then it would rewrite this vulnerable function by a safe version, which prevented the buffer overflow vulnerability.

LI Zhen,ZOU Deqing,WANG Zeli,JIN Hai

DOI: https://doi.org/10.11959/j.issn.2096-109x.2019001

2019-01-01

Abstract:Static software vulnerability detection is mainly divided into two types according to different analysis objects: vulnerability detection for binary code and vulnerability detection for source code. Because the source code contains more semantic information, it is more favored by code auditors. The existing vulnerability detection research works for source code are summarized from four aspects: code similarity-based vulnerability detection, symbolic execution-based vulnerability detection, rule-based vulnerability detection, and machine learning-based vulnerability detection. The vulnerability detection system based on source code similarity and the intelligent software vulnerability detection system for source code are taken as two examples to introduce the process of vulnerability detection in detail.