A dynamic taint analysis method of control-dependent data
- Authors
- Kang, B; Kim, T; Kim, J; Im, EG
- Issue Date
- Nov-2016
- Keywords
- Dynamic Taint Analysis; Control-Dependent Data; Software Testing; Malware Analysis
- Citation
- Information, v.19, no.11, pp 5245 - 5259
- Pages
- 15
- Indexed
- SCOPUS
- Journal Title
- Information
- Volume
- 19
- Number
- 11
- Start Page
- 5245
- End Page
- 5259
- URI
- https://scholarworks.bwise.kr/hanyang/handle/2021.sw.hanyang/153602
- ISSN
- 1344-8994
1344-8994
- Abstract
- Dynamic taint analysis (DTA) is one of the primary methods of software analyzation. Vanilla DTA is the most straightforward approach, which uses conventional data flow without considering any control-dependent data, usually suffers under-tainting problem. In this paper, we propose a dynamic taint analysis method which mitigates under-tainting problem caused by control-dependent data. Our method detects the controls which are executed by tainted data, and marks the control-dependent data as tainted. We implement a system which represents our method, and experiment with 9 programs; 4 commodity software, and 5 Botnet malware. We also experiment with vanilla DTA and DYTAN's DTA, which demonstrate under-tainting and over-tainting problems, respectively. We evaluate the experimental results on two criteria: the number of tainted instructions, and tainting intensity. The evaluation shows that our system propagate taint marks to the control-dependent data for all 9 programs, and does not cause over-tainting problem. Although there are some discussions, we hope our approach will contribute to the software testing and malware mitigation.
- Files in This Item
-
Go to Link
- Appears in
Collections - 서울 공과대학 > 서울 컴퓨터소프트웨어학부 > 1. Journal Articles

Items in ScholarWorks are protected by copyright, with all rights reserved, unless otherwise indicated.