دورية أكاديمية
Interprocedural taint analysis for LLVM-bitcode
| العنوان: | Interprocedural taint analysis for LLVM-bitcode |
|---|---|
| المؤلفون: | V. K. Koshelev, A. O. Izbyshev, I. A. Dudina |
| المصدر: | Труды Института системного программирования РАН, Vol 26, Iss 2, Pp 97-118 (2018) |
| بيانات النشر: | Ivannikov Institute for System Programming of the Russian Academy of Sciences, 2018. |
| سنة النشر: | 2018 |
| المجموعة: | LCC:Electronic computers. Computer science |
| مصطلحات موضوعية: | статический анализ, межпроцедурный анализ, класс ifds, анализ потоков данных, анализ помеченных данных, Electronic computers. Computer science, QA75.5-76.95 |
| الوصف: | Today the development cycle of many application classes requires a security analysis stage. Taint analysis is widely used to check programs for different security vulnerabilities. This paper describes static interprocedural flow, context, and object-sensitive taint analysis approach for C/C++ applications. Our taint analysis algorithm is based on the Flowdroid project’s approach, but in contrast to Flowdroid, which aims to analyze Java bytecode, our approach handles LLVM bitcode and pointer arithmetic. Primary drawback of the Flowdroid approach is a memory usage issue which arises during analysis of medium size applications (around 10 000 edges in the call graph). To achieve scalability of the approach, we suggest a set of heuristics which helps to significantly decrease memory usage of the algorithm. The testing of real-world applications shows that such heuristics make precise taint analysis suitable for the medium size programs. Using our approach, we implemented general taint analysis framework as an LLVM pass. Additional security checks (e.g. Use of Hard-coded Password, Information Exposure, etc.) can be implemented on top of this framework. We have also developed auxiliary passes which resolve targets of virtual calls and build interprocedural control flow graph according to the results. |
| نوع الوثيقة: | article |
| وصف الملف: | electronic resource |
| اللغة: | English Russian |
| تدمد: | 2079-8156 2220-6426 |
| Relation: | https://ispranproceedings.elpub.ru/jour/article/view/792; https://doaj.org/toc/2079-8156; https://doaj.org/toc/2220-6426 |
| DOI: | 10.15514/ISPRAS-2014-26(2)-4 |
| URL الوصول: | https://doaj.org/article/d18f1088bbe6420ca317ba82cae32cdf |
| رقم الأكسشن: | edsdoj.18f1088bbe6420ca317ba82cae32cdf |
| قاعدة البيانات: | Directory of Open Access Journals |
Full Text Finder | تدمد: | 20798156 22206426 |
|---|---|
| DOI: | 10.15514/ISPRAS-2014-26(2)-4 |