Abstract | ||
---|---|---|
For the purpose of discovering security flaws in software, many dynamic and static taint analyzing techniques have been proposed. The dynamic techniques can precisely find the security flaws of the software; but it suffers from substantial runtime overhead. On the other hand, the static techniques require no runtime overhead; but it is often not accurate enough. In this paper, we propose HYBit, a novel hybrid framework which integrates dynamic and static taint analysis to diagnose the security flaws for binary programs. In the framework, the source binary is first analyzed by the dynamic taint analyzer; then, with the runtime information provided by its dynamic counterpart, the static taint analyzer can process the unexecuted part of the target program easily. Furthermore, a taint behavior filtration mechanism is proposed to optimize the performance of the framework. We evaluate our framework from three perspectives: efficiency, coverage, and effectiveness, and the results are encouraging. © 2013 Springer-Verlag Berlin Heidelberg. |
Year | DOI | Venue |
---|---|---|
2013 | 10.1007/978-3-642-38715-9-28 | ICSI |
Keywords | DocType | Volume |
binary taint analysis,dynamic analysis,security,software flaw/vulnerability,static analysis | Conference | 7929 LNCS |
Issue | ISSN | Citations |
PART 2 | 16113349 | 2 |
PageRank | References | Authors |
0.37 | 9 | 6 |
Name | Order | Citations | PageRank |
---|---|---|---|
Erzhou Zhu | 1 | 19 | 7.13 |
Haibing Guan | 2 | 1106 | 105.35 |
Alei Liang | 3 | 71 | 15.66 |
Rongbin Xu | 4 | 37 | 10.01 |
Xuejian Li | 5 | 4 | 0.73 |
Feng Liu | 6 | 15 | 4.07 |