• Title/Summary/Keyword: dynamic taint analysis

Search Result 7, Processing Time 0.026 seconds

Theory and Implementation of Dynamic Taint Analysis for Tracing Tainted Data of Programs (프로그램의 오염 정보 추적을 위한 동적 오염 분석의 이론 및 구현)

  • Lim, Hyun-Il
    • KIPS Transactions on Computer and Communication Systems
    • /
    • v.2 no.7
    • /
    • pp.303-310
    • /
    • 2013
  • As the role of software increases in computing environments, issues in software security become more important problems. Dynamic taint analysis is a technique to trace and manage tainted data originated from unreliable sources during the execution of a program. This analysis can be applied to software security verification as well as software behavior understanding, testing unexpected errors, or debugging. In the previous researches, they focussed only to show the analysis results of dynamic taint analysis, and they did not logically describe propagation process of tainted data and analysis procedures. So, there were difficulties in understanding the analysis procedures or applying to other analysis. In this paper, by theoretically describing the analysis procedure, we logically show how the propagation process of tainted data can be traced, and present a theoretical model for dynamic taint analysis. In addition, we verify the correctness of the proposed model by implementing an analyser, and show that propagation of tainted data can be traced by the model. The proposed model can be applied to understand the analysis procedures of data flows in dynamic taint analysis, and can be used as an base knowledge for designing and implementing analysis method, which applies such analysis method.

A Reusable SQL Injection Detection Method for Java Web Applications

  • He, Chengwan;He, Yue
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.14 no.6
    • /
    • pp.2576-2590
    • /
    • 2020
  • The fundamental reason why most SQL injection detection methods are difficult to use in practice is the low reusability of the implementation code. This paper presents a reusable SQL injection detection method for Java Web applications based on AOP (Aspect-Oriented Programming) and dynamic taint analysis, which encapsulates the dynamic taint analysis processes into different aspects and establishes aspect library to realize the large-grained reuse of the code for detecting SQL injection attacks. A metamodel of aspect library is proposed, and a management tool for the aspect library is implemented. Experiments show that this method can effectively detect 7 known types of SQL injection attack such as tautologies, logically incorrect queries, union query, piggy-backed queries, stored procedures, inference query, alternate encodings and so on, and support the large-grained reuse of the code for detecting SQL injection attacks.

Detecting Security Vulnerabilities in TypeScript Code with Static Taint Analysis (정적 오염 분석을 활용한 타입스크립트 코드의 보안 취약점 탐지)

  • Moon, Taegeun;Kim, Hyoungshick
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.31 no.2
    • /
    • pp.263-277
    • /
    • 2021
  • Taint analysis techniques are popularly used to detect web vulnerabilities originating from unverified user input data, such as Cross-Site Scripting (XSS) and SQL Injection, in web applications written in JavaScript. To detect such vulnerabilities, it would be necessary to trace variables affected by user-submitted inputs. However, because of the dynamic nature of JavaScript, it has been a challenging issue to identify those variables without running the web application code. Therefore, most existing taint analysis tools have been developed based on dynamic taint analysis, which requires the overhead of running the target application. In this paper, we propose a novel static taint analysis technique using symbol information obtained from the TypeScript (a superset of JavaScript) compiler to accurately track data flow and detect security vulnerabilities in TypeScript code. Our proposed technique allows developers to annotate variables that can contain unverified user input data, and uses the annotation information to trace variables and data affected by user input data. Since our proposed technique can seamlessly be incorporated into the TypeScript compiler, developers can find vulnerabilities during the development process, unlike existing analysis tools performed as a separate tool. To show the feasibility of the proposed method, we implemented a prototype and evaluated its performance with 8 web applications with known security vulnerabilities. We found that our prototype implementation could detect all known security vulnerabilities correctly.

Analyzing Vulnerable Software Code Using Dynamic Taint and SMT Solver (동적오염분석과 SMT 해석기를 이용한 소프트웨어 보안 취약점 분석 연구)

  • Kim, Sungho;Park, Yongsu
    • KIISE Transactions on Computing Practices
    • /
    • v.21 no.3
    • /
    • pp.257-262
    • /
    • 2015
  • As software grows more complex, it contains more bugs that are not recognized by developers. Attackers can then use exploitable bugs to penetrate systems or spread malicious code. As a representative method, attackers manipulated documents or multimedia files in order to make the software engage in unanticipated behavior. Recently, this method has gained frequent use in A.P.T. In this paper, an automatic analysis method to find software security bugs was proposed. This approach aimed at finding security bugs in the software which can arise from input data such as documents or multimedia. Through dynamic taint analysis, how input data propagation to vulnerable code occurred was tracked, and relevant instructions in relation to input data were found. Next, the relevant instructions were translated to a formula and vulnerable input data were found via the formula using an SMT solver. Using this approach, 6 vulnerable codes were found, and data were input to crash applications such as HWP and Gomplayer.

Deep Learning based Dynamic Taint Detection Technique for Binary Code Vulnerability Detection (바이너리 코드 취약점 탐지를 위한 딥러닝 기반 동적 오염 탐지 기술)

  • Kwang-Man Ko
    • The Journal of Korea Institute of Information, Electronics, and Communication Technology
    • /
    • v.16 no.3
    • /
    • pp.161-166
    • /
    • 2023
  • In recent years, new and variant hacking of binary codes has increased, and the limitations of techniques for detecting malicious codes in source programs and defending against attacks are often exposed. Advanced software security vulnerability detection technology using machine learning and deep learning technology for binary code and defense and response capabilities against attacks are required. In this paper, we propose a malware clustering method that groups malware based on the characteristics of the taint information after entering dynamic taint information by tracing the execution path of binary code. Malware vulnerability detection was applied to a three-layered Few-shot learning model, and F1-scores were calculated for each layer's CPU and GPU. We obtained 97~98% performance in the learning process and 80~81% detection performance in the test process.

A Fuzzing Seed Generation Technique Using Natural Language Processing Model (자연어 처리 모델을 활용한 퍼징 시드 생성 기법)

  • Kim, DongYonug;Jeon, SangHoon;Ryu, MinSoo;Kim, Huy Kang
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.32 no.2
    • /
    • pp.417-437
    • /
    • 2022
  • The quality of the fuzzing seed file is one of the important factors to discover vulnerabilities faster. Although the prior seed generation paradigm, using dynamic taint analysis and symbolic execution techniques, enhanced fuzzing efficiency, the yare not extensively applied owing to their high complexity and need for expertise. This study proposed the DDRFuzz system, which creates seed files based on sequence-to-sequence models. We evaluated DDRFuzz on five open-source applications that used multimedia input files. Following experimental results, DDRFuzz showed the best performance compared with the state-of-the-art studies in terms of fuzzing efficiency.

Graph based Binary Code Execution Path Exploration Platform for Dynamic Symbolic Execution (동적 기호 실행을 이용한 그래프 기반 바이너리 코드 실행 경로 탐색 플랫폼)

  • Kang, Byeongho;Im, Eul Gyu
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.24 no.3
    • /
    • pp.437-444
    • /
    • 2014
  • In this paper, we introduce a Graph based Binary Code Execution Path Exploration Platform. In the graph, a node is defined as a conditional branch instruction, and an edge is defined as the other instructions. We implemented prototype of the proposed method and works well on real binary code. Experimental results show proposed method correctly explores execution path of target binary code. We expect our method can help Software Assurance, Secure Programming, and Malware Analysis more correct and efficient.