Journal of Software:2017.28(4):860-882

(计算机系统结构国家重点实验室(中国科学院 计算技术研究所), 北京 100190;中国科学院大学, 北京 100190)
Principle and Practice of Taint Analysis
WANG Lei,LI Feng,LI Lian,FENG Xiao-Bing
(State Key Laboratory of Computer Architecture(Institute of Computing Technology, The Chinese Academy of Sciences), Beijing 100190, China;University of Chinese Academy of Sciences, Beijing 100190, China)
Chart / table
Similar Articles
Article :Browse 2937   Download 7346
Received:June 18, 2016    Revised:September 08, 2016
> 中文摘要: 信息流分析可以有效保证计算机系统中信息的保密性和完整性,污点分析作为其实践,被广泛用于软件系统的安全保障技术领域.对近些年来面向解决应用程序安全问题的污点分析技术进行综述:首先,总结了污点分析的基本原理以及在应用中的通用技术,即,使用动态和静态的方法解决污点传播;随后,分析该技术在移动终端、互联网平台上的应用过程中遇到的问题和解决方案,包括解决Android应用隐私泄露与检测Web系统安全漏洞的污点分析技术;最后,展望该技术的研究前景和发展趋势.
Abstract:Information flow analysis is a promising approach for protecting the confidentiality and integrity of information manipulated by computing systems. Taint analysis, as in practice, is widely used in the area of software security assurance. This survey summarizes the latest advances on taint analysis, especially the solutions applied in different platform applications. Firstly, the basic principle of taint analysis is introduced along with the general technology of taint propagation implemented by dynamic and static analyses. Then, the proposals applied in different platform frameworks, including techniques for protecting privacy leakage on Android and finding security vulnerabilities on Web, are analyzed. Lastly, further research directions and future work are discussed.
文章编号:     中图分类号:    文献标志码:
基金项目:国家自然科学基金(61303053,61402303) 国家自然科学基金(61303053,61402303)
Foundation items:National Natural Science Foundation of China (61303053, 61402303)
Reference text:


WANG Lei,LI Feng,LI Lian,FENG Xiao-Bing.Principle and Practice of Taint Analysis.Journal of Software,2017,28(4):860-882