Bit-level taint analysis

Babak Yadegari, Saumya Debray

Research output: Chapter in Book/Report/Conference proceedingConference contribution

15 Scopus citations

Abstract

Taint analysis has a wide variety of applications in software analysis, making the precision of taint analysis an important consideration. Current taint analysis algorithms, including previous work on bit-precise taint analyses, suffer from shortcomings that can lead to significant loss of precision (under/over tainting) in some situations. This paper discusses these limitations of existing taint analysis algorithms, shows how they can lead to imprecise taint propagation, and proposes a generalization of current bit-level taint analysis techniques to address these problems and improve their precision. Experiments using a deobfuscation tool indicate that our enhanced taint analysis algorithm leads to significant improvements in the quality of deobfuscation.

Original languageEnglish (US)
Title of host publicationProceedings - 2014 14th IEEE International Working Conference on Source Code Analysis and Manipulation, SCAM 2014
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages255-264
Number of pages10
ISBN (Electronic)9780769553047
DOIs
StatePublished - Dec 4 2014
Event14th IEEE International Working Conference on Source Code Analysis and Manipulation, SCAM 2014 - Victoria, Canada
Duration: Sep 28 2014Sep 29 2014

Publication series

NameProceedings - 2014 14th IEEE International Working Conference on Source Code Analysis and Manipulation, SCAM 2014

Other

Other14th IEEE International Working Conference on Source Code Analysis and Manipulation, SCAM 2014
CountryCanada
CityVictoria
Period9/28/149/29/14

    Fingerprint

Keywords

  • Program Understanding
  • Reverse Engineering
  • Taint Analysis

ASJC Scopus subject areas

  • Software
  • Computer Science Applications

Cite this

Yadegari, B., & Debray, S. (2014). Bit-level taint analysis. In Proceedings - 2014 14th IEEE International Working Conference on Source Code Analysis and Manipulation, SCAM 2014 (pp. 255-264). [6975659] (Proceedings - 2014 14th IEEE International Working Conference on Source Code Analysis and Manipulation, SCAM 2014). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/SCAM.2014.43