Taint Analysis Review
王卓
Agenda
Overview
People
Tools
Overview
Taint analysis
Basic principle: data that arrives from an untrusted channel such as the network is marked "tainted", and every new value produced from it by arithmetic or logic operations inherits the tainted attribute of its source operands. Software vulnerabilities are then found by checking the taint status of instruction operands or function arguments at security-sensitive points (TaintCheck, for instance, flags a tainted value that is used as a jump target).
Related papers
Dawn Song, Associate Professor, Computer Science Division, University of California, Berkeley
Panorama: capturing system-wide information flow for malware detection and analysis
Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software
Omer Tripp, PhD candidate at Tel-Aviv University
TAJ: Effective Taint Analysis of Web Applications, PLDI 2009
Learning Minimal Abstractions, POPL 2011
James Clause, Assistant Professor at the University of Delaware. Research interests: software engineering with emphasis on debugging and program analysis.
Penumbra: Automatically Identifying Failure-Relevant Inputs Using Dynamic Tainting, ISSTA 2009
Dytan: A Generic Dynamic Taint Analysis Framework, ISSTA 2007
Effective Memory Protection Using Dynamic Tainting, ASE 2007
Tielei Wang, Institute of Computer Science and Technology, Peking University
TaintScope: A Checksum-Aware Directed Fuzzing Tool for Automatic Software Vulnerability Detection, IEEE S&P 2010
IntScope: Automatically Detecting Integer Overflow Vulnerability in X86 Binary Using Symbolic Execution, NDSS 2009
Tools
TaintCheck
Authors: James Newsome, Dawn Song
Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software, NDSS 2005
The first practical dynamic taint tool. Built on Valgrind, so it works on unmodified binaries at a large run-time cost.
LIFT
LIFT: A Low-Overhead Practical Information Flow Tracking System for Detecting Security Attacks, MICRO 2006
Feng Qin, Ohio State University; Cheng Wang, Intel Corporation; Zhenmin Li, University of Illinois at Urbana-Champaign
A low-overhead attack detector. Three optimizations keep the tracking cost down:
1. Fast Path: skip taint propagation for a code region whose live inputs are all untainted.
2. Merged Check: one combined taint check for several adjacent memory accesses instead of one per access.
3. Fast Switch: cheap transitions between the application code and the tracking code.
Dytan
Dytan: A Generic Dynamic Taint Analysis Framework, ISSTA 2007
James Clause, Wanchun (Paul) Li, and Alessandro Orso
Highlight: control-flow taint, i.e. taint is also propagated through branch conditions, not only through data dependencies.
BuzzFuzz
Taint-based Directed Whitebox Fuzzing, ICSE 2009
Vijay Ganesh, Tim Leek and Martin Rinard, MIT
Uses taint analysis to direct fuzzing: taint tracking records which input bytes reach attack points (for example arguments of library calls), and the fuzzer then mutates only those bytes.
TaintScope
TaintScope: A Checksum-Aware Directed Fuzzing Tool for Automatic Software Vulnerability Detection
Tielei Wang, Tao Wei, Guofei Gu, Wei Zou
Key words: fuzzing, taint analysis, symbolic execution
The approach: (1) byte-level taint analysis, to find which input bytes flow into security-sensitive operations and focus mutation on them; (2) checksum information: identify checksum checks in the target, bypass them while fuzzing, and afterwards repair the checksum fields of crashing inputs with symbolic execution so that they pass the real check.
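The following is an added example, not code from the slides or from any of the tools above. It is a toy register machine with dynamic taint tracking that illustrates both the Overview principle (source, propagation through arithmetic and logic, check at a sensitive sink) and the byte-level analysis behind BuzzFuzz and TaintScope. Instead of TaintCheck's one-bit "tainted or not", each value carries the set of input-byte offsets it was derived from, so a sink alert names the bytes a fuzzer should mutate. The parser program, the packet format (4-byte handler pointer plus an XOR checksum byte), the instruction set and the `checksum_candidates` heuristic are all constructed for this example; the heuristic (a branch whose predicate depends on many input bytes) is only the taint-side half of what TaintScope does, and forcing such a branch with `bypass` stands in for its run-time checksum bypass.

```python
"""Added example: minimal dynamic taint tracking on a toy register machine.

Labels are sets of untrusted input-byte offsets.  TaintCheck's 1-bit taint is
the special case "label is non-empty"; keeping the offsets is what byte-level
directed fuzzing (BuzzFuzz, TaintScope) needs.
"""

SOURCE_BASE = 0x1000  # constructed: address of the "network" receive buffer


class TaintMachine:
    def __init__(self, bypass=()):
        self.regs, self.rtaint = {}, {}   # register value / label
        self.mem, self.mtaint = {}, {}    # memory byte / label
        self.alerts = []                  # policy violations observed at sinks
        self.branches = []                # (pc, label) of every conditional branch
        self.bypass = set(bypass)         # branch pcs forced onto the "check passed" path

    def receive(self, data):
        """Taint source: every byte from the untrusted channel gets its own label."""
        for i, b in enumerate(data):
            self.mem[SOURCE_BASE + i] = b
            self.mtaint[SOURCE_BASE + i] = {i}

    def lbl(self, reg):
        return self.rtaint.get(reg, set())

    def run(self, program):
        pc = 0
        while pc < len(program):
            ins, op = program[pc], program[pc][0]
            if op == "mov":                        # mov dst, imm: constant, untainted
                self.regs[ins[1]], self.rtaint[ins[1]] = ins[2], set()
            elif op == "load":                     # load dst, [base + off]
                dst, addr = ins[1], self.regs[ins[2]] + ins[3]
                self.regs[dst] = self.mem.get(addr, 0)
                # label of the cell plus the pointer's label: a tainted address
                # lets the attacker choose what gets read
                self.rtaint[dst] = set(self.mtaint.get(addr, set())) | self.lbl(ins[2])
            elif op in ("add", "or", "xor", "shl"):  # op dst, a, b
                dst, a, b = ins[1:]
                x, y = self.regs[a], self.regs[b]
                r = {"add": x + y, "or": x | y, "xor": x ^ y, "shl": x << y}[op]
                self.regs[dst] = r & 0xFFFFFFFF
                self.rtaint[dst] = self.lbl(a) | self.lbl(b)  # result inherits both operands' taint
            elif op == "jz":                       # jz cond, target: jump if cond == 0
                cond, target = ins[1], ins[2]
                self.branches.append((pc, frozenset(self.lbl(cond))))
                if pc in self.bypass or self.regs[cond] == 0:
                    pc = target
                    continue
            elif op == "call":                     # sink: indirect call through a register
                if self.lbl(ins[1]):
                    self.alerts.append((pc, "tainted call target", sorted(self.lbl(ins[1]))))
            elif op == "halt":
                break
            pc += 1
        return self.alerts

    def checksum_candidates(self, min_bytes=4):
        """Simplified TaintScope-style heuristic: a conditional branch whose
        predicate depends on many input bytes is probably an integrity check."""
        return [(pc, sorted(l)) for pc, l in self.branches if len(l) >= min_bytes]


# Constructed "parser": bytes 0..3 form a handler pointer, byte 4 must equal the
# XOR of bytes 0..3, and only then is the pointer called.
PARSER = [
    ("mov", "r0", SOURCE_BASE),
    ("load", "b0", "r0", 0), ("load", "b1", "r0", 1),
    ("load", "b2", "r0", 2), ("load", "b3", "r0", 3),
    ("load", "chk", "r0", 4),
    ("xor", "t", "b0", "b1"), ("xor", "t", "t", "b2"), ("xor", "t", "t", "b3"),
    ("xor", "d", "t", "chk"),
    ("jz", "d", 12),                               # pc 10: checksum ok -> continue at 12
    ("halt",),                                     # checksum mismatch -> drop packet
    ("mov", "s8", 8), ("mov", "s16", 16), ("mov", "s24", 24),
    ("shl", "p", "b0", "s24"), ("shl", "x", "b1", "s16"), ("or", "p", "p", "x"),
    ("shl", "x", "b2", "s8"), ("or", "p", "p", "x"), ("or", "p", "p", "b3"),
    ("call", "p"),                                 # pc 21: sink, pointer built from input
    ("halt",),
]


def xor_checksum(payload):
    c = 0
    for b in payload:
        c ^= b
    return c


def analyze(packet, bypass=()):
    """Run the parser on one packet; return (sink alerts, checksum-check candidates)."""
    m = TaintMachine(bypass)
    m.receive(packet)
    return m.run(PARSER), m.checksum_candidates()


if __name__ == "__main__":
    body = bytes([0x08, 0x04, 0x12, 0x34])
    good = body + bytes([xor_checksum(body)])
    print(analyze(good))               # sink reached; alert names input bytes 0..3
    bad = body + bytes([0x00])
    print(analyze(bad))                # wrong checksum: the check stops the run
    print(analyze(bad, bypass={10}))   # forcing the check exposes the sink again
```

The third run shows why TaintScope treats checksums specially: blind mutation of bytes 0..3 never reaches the sink because byte 4 no longer matches, so the fuzzer either has to force the branch during exploration (as `bypass` does here) or repair the checksum field afterwards.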