Title | ||
---|---|---|
Taint Dependency Sequences: A Characterization of Insecure Execution Paths Based on Input-Sensitive Cause Sequences |
Abstract | ||
---|---|---|
Numerous software vulnerabilities can be activated only with dedicated user inputs. Taint analysis is a security check which consists in looking for possible dependency chains between user inputs and vulnerable statements (like array accesses). Most of the existing static taint analysis tools produce some warnings on potentially vulnerable program locations. It is then up to the developer to analyze these results by scanning the possible execution paths that may lead to these locations with unsecured user inputs. We present a Taint Dependency Sequences Calculus, based on a fine-grain data and control taint analysis, that aims to help the developer in this task by providing some information on the set of paths that need to be analyzed. Following some ideas introduced in [1], [2], we also propose some metrics to characterize these paths in term of "dangerousness". This approach is illustrated with the help of the Verisec Suite [3] and by describing a prototype, called STAC. |
Year | DOI | Venue |
---|---|---|
2010 | 10.1109/ICSTW.2010.28 | Software Testing, Verification, and Validation Workshops |
Keywords | Field | DocType |
insecure execution,unsecured user input,possible dependency chain,user input,taint analysis,control taint analysis,taint dependency sequences,input-sensitive cause sequences,existing static taint analysis,dedicated user input,vulnerable statement,vulnerable program location,possible execution path,information analysis,computer languages,prototypes,security,face detection,software testing,calculus,servers,numerical software | Suite,Computer science,Server,Taint checking,Software,Program testing,Vulnerability,Distributed computing,Vulnerability detection | Conference |
ISBN | Citations | PageRank |
978-1-4244-6773-0 | 12 | 0.77 |
References | Authors | |
14 | 3 |
Name | Order | Citations | PageRank |
---|---|---|---|
Dumitru Ceara | 1 | 14 | 1.14 |
Laurent Mounier | 2 | 1187 | 79.54 |
Marie-Laure Potet | 3 | 190 | 21.34 |