Title :
TWalker: An efficient taint analysis tool
Author :
Jinxin Ma ; Puhan Zhang ; Guowei Dong ; Shuai Shao ; Jiangxiao Zhang
Author_Institution :
China Inf. Technol. Security Evaluation Center, Beijing, China
Abstract :
The taint analysis method is usually effective for vulnerabilities detection. Existing works mostly care about the accuracy of taint propagation, not considering the time cost. We proposed a novel method to improve the efficiency of taint propagation with indices. Based our method, we have implemented TWalker, an effective vulnerabilities detection tool that enables easy data flow analysis of the real world programs, providing faster taint analysis than other existing works. TWalker has four properties: first, it works directly on the programs without source code; second, it monitors the program´s execution and records its necessary context; third, it delivers fine-grained taint analysis, providing fast taint propagation with indices; fourth, it could detect vulnerabilities effectively based on two security property rules. We have evaluated TWalker with several real world programs and compared it with a typical taint analysis tool. The experimental results show that our tool could perform taint propagation much faster than other tool, having better ability for vulnerabilities detection.
Keywords :
data flow analysis; security of data; TWalker; data flow analysis; efficient taint analysis tool; fine grained taint analysis; program execution; security property rules; taint propagation; vulnerabilities detection; Context; Indexes; Monitoring; Software; indices; security property; taint analysis; trace; vulnerabilities detection;
Conference_Titel :
Information Assurance and Security (IAS), 2014 10th International Conference on
Print_ISBN :
978-1-4799-8098-7
DOI :
10.1109/ISIAS.2014.7064628