http://dx.doi.org/10.3745/KTCCS.2013.2.7.303

Theory and Implementation of Dynamic Taint Analysis for Tracing Tainted Data of Programs  

Lim, Hyun-Il (Department of Computer Engineering, Kyungnam University)
Publication Information
KIPS Transactions on Computer and Communication Systems / v.2, no.7, 2013, pp. 303-310
Abstract
As the role of software grows in computing environments, software security issues become more important. Dynamic taint analysis is a technique for tracing and managing tainted data that originates from unreliable sources during the execution of a program. This analysis can be applied to software security verification as well as to understanding software behavior, testing for unexpected errors, and debugging. Previous research focused only on showing the results of dynamic taint analysis and did not logically describe the propagation process of tainted data or the analysis procedures, which made it difficult to understand the analysis procedures or to apply them to other analyses. In this paper, by theoretically describing the analysis procedure, we logically show how the propagation process of tainted data can be traced, and present a theoretical model for dynamic taint analysis. In addition, we verify the correctness of the proposed model by implementing an analyser, and show that propagation of tainted data can be traced by the model. The proposed model can be applied to understanding the analysis procedures of data flows in dynamic taint analysis, and can be used as base knowledge for designing and implementing analysis methods that apply such analysis.
Keywords
Dynamic Taint Analysis; Software Security; Software Analysis;