Abstract
Taint analysis has a wide variety of applications in software analysis, making the precision of taint analysis an important consideration. Current taint analysis algorithms, including previous work on bit-precise taint analyses, suffer from shortcomings that can lead to significant loss of precision (under/over tainting) in some situations. This paper discusses these limitations of existing taint analysis algorithms, shows how they can lead to imprecise taint propagation, and proposes a generalization of current bit-level taint analysis techniques to address these problems and improve their precision. Experiments using a deobfuscation tool indicate that our enhanced taint analysis algorithm leads to significant improvements in the quality of deobfuscation.
Original language | English (US) |
---|---|
Title of host publication | Proceedings - 2014 14th IEEE International Working Conference on Source Code Analysis and Manipulation, SCAM 2014 |
Publisher | Institute of Electrical and Electronics Engineers Inc. |
Pages | 255-264 |
Number of pages | 10 |
ISBN (Print) | 9780769553047 |
DOIs | |
State | Published - Dec 4 2014 |
Event | 14th IEEE International Working Conference on Source Code Analysis and Manipulation, SCAM 2014 - Victoria, Canada Duration: Sep 28 2014 → Sep 29 2014 |
Other
Other | 14th IEEE International Working Conference on Source Code Analysis and Manipulation, SCAM 2014 |
---|---|
Country | Canada |
City | Victoria |
Period | 9/28/14 → 9/29/14 |
Fingerprint
Keywords
- Program Understanding
- Reverse Engineering
- Taint Analysis
ASJC Scopus subject areas
- Software
- Computer Science Applications
Cite this
Bit-level taint analysis. / Yadegari, Babak; Debray, Saumya K.
Proceedings - 2014 14th IEEE International Working Conference on Source Code Analysis and Manipulation, SCAM 2014. Institute of Electrical and Electronics Engineers Inc., 2014. p. 255-264 6975659.Research output: Chapter in Book/Report/Conference proceeding › Conference contribution
}
TY - GEN
T1 - Bit-level taint analysis
AU - Yadegari, Babak
AU - Debray, Saumya K
PY - 2014/12/4
Y1 - 2014/12/4
N2 - Taint analysis has a wide variety of applications in software analysis, making the precision of taint analysis an important consideration. Current taint analysis algorithms, including previous work on bit-precise taint analyses, suffer from shortcomings that can lead to significant loss of precision (under/over tainting) in some situations. This paper discusses these limitations of existing taint analysis algorithms, shows how they can lead to imprecise taint propagation, and proposes a generalization of current bit-level taint analysis techniques to address these problems and improve their precision. Experiments using a deobfuscation tool indicate that our enhanced taint analysis algorithm leads to significant improvements in the quality of deobfuscation.
AB - Taint analysis has a wide variety of applications in software analysis, making the precision of taint analysis an important consideration. Current taint analysis algorithms, including previous work on bit-precise taint analyses, suffer from shortcomings that can lead to significant loss of precision (under/over tainting) in some situations. This paper discusses these limitations of existing taint analysis algorithms, shows how they can lead to imprecise taint propagation, and proposes a generalization of current bit-level taint analysis techniques to address these problems and improve their precision. Experiments using a deobfuscation tool indicate that our enhanced taint analysis algorithm leads to significant improvements in the quality of deobfuscation.
KW - Program Understanding
KW - Reverse Engineering
KW - Taint Analysis
UR - http://www.scopus.com/inward/record.url?scp=84924874077&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84924874077&partnerID=8YFLogxK
U2 - 10.1109/SCAM.2014.43
DO - 10.1109/SCAM.2014.43
M3 - Conference contribution
AN - SCOPUS:84924874077
SN - 9780769553047
SP - 255
EP - 264
BT - Proceedings - 2014 14th IEEE International Working Conference on Source Code Analysis and Manipulation, SCAM 2014
PB - Institute of Electrical and Electronics Engineers Inc.
ER -