Comparative analysis of two approaches to the static taint analysis
M. V. Belyaev (a), N. V. Shimchik (a), V. N. Ignatyev (a), A. A. Belevancev (a, b)
(a) Institute for System Programming of the Russian Academy of Sciences
(b) Lomonosov Moscow State University
Abstract:
Currently, one of the most efficient ways to find software security problems is taint analysis. It can be based on static analysis and successfully detect errors that lead to vulnerabilities, such as code injection or leaks of private information. Several different ways exist to implement the algorithm for propagating taint data through the program's intermediate representation: based on dataflow analysis (IFDS) or on symbolic execution. In this paper, we describe how to implement both approaches within an existing static analyzer infrastructure to find errors in C# programs, and compare these approaches in different aspects: the scope of application, practical completeness, quality of results, performance and scalability. Since both approaches use a common infrastructure for accessing information about the program and are implemented by a single development team, the results of the comparison are significant and can be used to select the best option in the context of the task. Our experiments show that it is possible to achieve the same completeness regardless of the chosen approach. The IFDS-based implementation has higher performance compared with symbolic execution for detectors with a small number of taint data sources. In the case of multiple detectors and a large number of sources, the scalability of the IFDS approach is worse than the scalability of symbolic execution.
Keywords:
taint analysis, static analysis, IFDS, symbolic execution.
Citation:
M. V. Belyaev, N. V. Shimchik, V. N. Ignatyev, A. A. Belevancev, “Comparative analysis of two approaches to the static taint analysis”, Proceedings of ISP RAS, 29:3 (2017), 99–116
Linking options:
https://www.mathnet.ru/eng/tisp224
https://www.mathnet.ru/eng/tisp/v29/i3/p99