Paper Info
Title
Taint Dependency Sequences: A Characterization of Insecure Execution Paths Based on Input-Sensitive Cause Sequences
Abstract
Numerous software vulnerabilities can be activated only with dedicated user inputs. Taint analysis is a security check which consists in looking for possible dependency chains between user inputs and vulnerable statements (like array accesses). Most of the existing static taint analysis tools produce some warnings on potentially vulnerable program locations. It is then up to the developer to analyze these results by scanning the possible execution paths that may lead to these locations with unsecured user inputs. We present a Taint Dependency Sequences Calculus, based on a fine-grain data and control taint analysis, that aims to help the developer in this task by providing some information on the set of paths that need to be analyzed. Following some ideas introduced in [1], [2], we also propose some metrics to characterize these paths in term of "dangerousness". This approach is illustrated with the help of the Verisec Suite [3] and by describing a prototype, called STAC.
Year
DOI
Venue
2010
10.1109/ICSTW.2010.28
Software Testing, Verification, and Validation Workshops
Keywords
Field
DocType
insecure execution,unsecured user input,possible dependency chain,user input,taint analysis,control taint analysis,taint dependency sequences,input-sensitive cause sequences,existing static taint analysis,dedicated user input,vulnerable statement,vulnerable program location,possible execution path,information analysis,computer languages,prototypes,security,face detection,software testing,calculus,servers,numerical software
Suite,Computer science,Server,Taint checking,Software,Program testing,Vulnerability,Distributed computing,Vulnerability detection
Conference
ISBN
Citations 
PageRank 
978-1-4244-6773-0
12
0.77
References 
Authors
14
3
Name
Order
Citations
PageRank
Dumitru Ceara1141.14
Laurent Mounier2118779.54
Marie-Laure Potet319021.34