Theory and Implementation of Dynamic Taint Analysis for Tracing Tainted Data of Programs


KIPS Transactions on Computer and Communication Systems, Vol. 2, No. 7, pp. 303-310, Jul. 2013
10.3745/KTCCS.2013.2.7.303,   PDF Download:

Abstract

As the role of software increases in computing environments, issues in software security become more important problems. Dynamic taint analysis is a technique to trace and manage tainted data originated from unreliable source during the execution of a program. This analysis can be applied to software security verification as well as software behavior understanding, testing unexpected errors, or debugging. In the previous reseaeches, they focused only to show the analysis results of dynamic taint analysis, and they did not logically describe propagation process of tainted data and analysis procedures. So, there were difficulties in understanding the analysis procedures or applying to other analysis. In this paper, by theoretically describing the analysis. In addition, we verify the correctness of the proposed model by implementing an analyzer, and show that propagation of tainted data can be traced by the model. The proposed model can be applied to understand the analysis procedures of data flows in dynamic taint analysis, and can be used as an base knowledge for designing and implementing analysis method, which applies such analysis method.


Statistics
Show / Hide Statistics

Statistics (Cumulative Counts from September 1st, 2017)
Multiple requests among the same browser session are counted as one view.
If you mouse over a chart, the values of data points will be shown.


Cite this article
[IEEE Style]
H. I. Lim, "Theory and Implementation of Dynamic Taint Analysis for Tracing Tainted Data of Programs," KIPS Transactions on Computer and Communication Systems, vol. 2, no. 7, pp. 303-310, 2013. DOI: 10.3745/KTCCS.2013.2.7.303.

[ACM Style]
Hyun Il Lim. 2013. Theory and Implementation of Dynamic Taint Analysis for Tracing Tainted Data of Programs. KIPS Transactions on Computer and Communication Systems, 2, 7, (2013), 303-310. DOI: 10.3745/KTCCS.2013.2.7.303.