Title :
Taint Dependency Sequences: A Characterization of Insecure Execution Paths Based on Input-Sensitive Cause Sequences
Author :
Cearä, Dumitru ; Mounier, Laurent ; Potet, Marie-Laure
Author_Institution :
VERIMAG Lab., Univ. of Grenoble, Gieres, France
Abstract :
Numerous software vulnerabilities can be activated only with dedicated user inputs. Taint analysis is a security check which consists in looking for possible dependency chains between user inputs and vulnerable statements (like array accesses). Most of the existing static taint analysis tools produce some warnings on potentially vulnerable program locations. It is then up to the developer to analyze these results by scanning the possible execution paths that may lead to these locations with unsecured user inputs. We present a Taint Dependency Sequences Calculus, based on a fine-grain data and control taint analysis, that aims to help the developer in this task by providing some information on the set of paths that need to be analyzed. Following some ideas introduced in, we also propose some metrics to characterize these paths in term of "dangerousness". This approach is illustrated with the help of the Verisec Suite and by describing a prototype, called STAC.
Keywords :
calculus; program testing; security; Verisec suite; input-sensitive cause sequences; insecure execution paths; security check; software vulnerabilities; static taint analysis; taint dependency sequences calculus; Calculus; Computer languages; Face detection; Information analysis; Laboratories; Performance analysis; Prototypes; Runtime; Security; Software testing; taint analysis; test objectives; vulnerability detection;
Conference_Titel :
Software Testing, Verification, and Validation Workshops (ICSTW), 2010 Third International Conference on
Conference_Location :
Paris
Print_ISBN :
978-1-4244-6773-0
DOI :
10.1109/ICSTW.2010.28