DocumentCode
2351633
Title
Taint Dependency Sequences: A Characterization of Insecure Execution Paths Based on Input-Sensitive Cause Sequences
Author
Cearä, Dumitru ; Mounier, Laurent ; Potet, Marie-Laure
Author_Institution
VERIMAG Lab., Univ. of Grenoble, Gieres, France
fYear
2010
fDate
6-10 April 2010
Firstpage
371
Lastpage
380
Abstract
Numerous software vulnerabilities can be activated only with dedicated user inputs. Taint analysis is a security check which consists in looking for possible dependency chains between user inputs and vulnerable statements (like array accesses). Most of the existing static taint analysis tools produce some warnings on potentially vulnerable program locations. It is then up to the developer to analyze these results by scanning the possible execution paths that may lead to these locations with unsecured user inputs. We present a Taint Dependency Sequences Calculus, based on a fine-grain data and control taint analysis, that aims to help the developer in this task by providing some information on the set of paths that need to be analyzed. Following some ideas introduced in, we also propose some metrics to characterize these paths in term of "dangerousness". This approach is illustrated with the help of the Verisec Suite and by describing a prototype, called STAC.
Keywords
calculus; program testing; security; Verisec suite; input-sensitive cause sequences; insecure execution paths; security check; software vulnerabilities; static taint analysis; taint dependency sequences calculus; Calculus; Computer languages; Face detection; Information analysis; Laboratories; Performance analysis; Prototypes; Runtime; Security; Software testing; taint analysis; test objectives; vulnerability detection;
fLanguage
English
Publisher
ieee
Conference_Titel
Software Testing, Verification, and Validation Workshops (ICSTW), 2010 Third International Conference on
Conference_Location
Paris
Print_ISBN
978-1-4244-6773-0
Type
conf
DOI
10.1109/ICSTW.2010.28
Filename
5463673
Link To Document