Bit-level taint analysis

Babak Yadegari; Saumya K Debray

doi:10.1109/SCAM.2014.43

Bit-level taint analysis

Babak Yadegari, Saumya K Debray

Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

12 Citations (Scopus)

Abstract

Taint analysis has a wide variety of applications in software analysis, making the precision of taint analysis an important consideration. Current taint analysis algorithms, including previous work on bit-precise taint analyses, suffer from shortcomings that can lead to significant loss of precision (under/over tainting) in some situations. This paper discusses these limitations of existing taint analysis algorithms, shows how they can lead to imprecise taint propagation, and proposes a generalization of current bit-level taint analysis techniques to address these problems and improve their precision. Experiments using a deobfuscation tool indicate that our enhanced taint analysis algorithm leads to significant improvements in the quality of deobfuscation.

Original language	English (US)
Title of host publication	Proceedings - 2014 14th IEEE International Working Conference on Source Code Analysis and Manipulation, SCAM 2014
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	255-264
Number of pages	10
ISBN (Print)	9780769553047
DOIs	https://doi.org/10.1109/SCAM.2014.43
State	Published - Dec 4 2014
Event	14th IEEE International Working Conference on Source Code Analysis and Manipulation, SCAM 2014 - Victoria, Canada Duration: Sep 28 2014 → Sep 29 2014

Other

Other	14th IEEE International Working Conference on Source Code Analysis and Manipulation, SCAM 2014
Country	Canada
City	Victoria
Period	9/28/14 → 9/29/14

Fingerprint

Experiments

Keywords

Program Understanding
Reverse Engineering
Taint Analysis

ASJC Scopus subject areas

Software
Computer Science Applications

Cite this

Yadegari, B., & Debray, S. K. (2014). Bit-level taint analysis. In Proceedings - 2014 14th IEEE International Working Conference on Source Code Analysis and Manipulation, SCAM 2014 (pp. 255-264). [6975659] Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/SCAM.2014.43

Bit-level taint analysis. / Yadegari, Babak; Debray, Saumya K.

Proceedings - 2014 14th IEEE International Working Conference on Source Code Analysis and Manipulation, SCAM 2014. Institute of Electrical and Electronics Engineers Inc., 2014. p. 255-264 6975659.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Yadegari, B & Debray, SK 2014, Bit-level taint analysis. in Proceedings - 2014 14th IEEE International Working Conference on Source Code Analysis and Manipulation, SCAM 2014., 6975659, Institute of Electrical and Electronics Engineers Inc., pp. 255-264, 14th IEEE International Working Conference on Source Code Analysis and Manipulation, SCAM 2014, Victoria, Canada, 9/28/14. https://doi.org/10.1109/SCAM.2014.43

Yadegari B, Debray SK. Bit-level taint analysis. In Proceedings - 2014 14th IEEE International Working Conference on Source Code Analysis and Manipulation, SCAM 2014. Institute of Electrical and Electronics Engineers Inc. 2014. p. 255-264. 6975659 https://doi.org/10.1109/SCAM.2014.43

Yadegari, Babak ; Debray, Saumya K. / Bit-level taint analysis. Proceedings - 2014 14th IEEE International Working Conference on Source Code Analysis and Manipulation, SCAM 2014. Institute of Electrical and Electronics Engineers Inc., 2014. pp. 255-264

@inproceedings{0709662152854271889f005b7d5f4939,

title = "Bit-level taint analysis",

abstract = "Taint analysis has a wide variety of applications in software analysis, making the precision of taint analysis an important consideration. Current taint analysis algorithms, including previous work on bit-precise taint analyses, suffer from shortcomings that can lead to significant loss of precision (under/over tainting) in some situations. This paper discusses these limitations of existing taint analysis algorithms, shows how they can lead to imprecise taint propagation, and proposes a generalization of current bit-level taint analysis techniques to address these problems and improve their precision. Experiments using a deobfuscation tool indicate that our enhanced taint analysis algorithm leads to significant improvements in the quality of deobfuscation.",

keywords = "Program Understanding, Reverse Engineering, Taint Analysis",

author = "Babak Yadegari and Debray, {Saumya K}",

year = "2014",

month = "12",

day = "4",

doi = "10.1109/SCAM.2014.43",

language = "English (US)",

isbn = "9780769553047",

pages = "255--264",

booktitle = "Proceedings - 2014 14th IEEE International Working Conference on Source Code Analysis and Manipulation, SCAM 2014",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

}

TY - GEN

T1 - Bit-level taint analysis

AU - Yadegari, Babak

AU - Debray, Saumya K

PY - 2014/12/4

Y1 - 2014/12/4

N2 - Taint analysis has a wide variety of applications in software analysis, making the precision of taint analysis an important consideration. Current taint analysis algorithms, including previous work on bit-precise taint analyses, suffer from shortcomings that can lead to significant loss of precision (under/over tainting) in some situations. This paper discusses these limitations of existing taint analysis algorithms, shows how they can lead to imprecise taint propagation, and proposes a generalization of current bit-level taint analysis techniques to address these problems and improve their precision. Experiments using a deobfuscation tool indicate that our enhanced taint analysis algorithm leads to significant improvements in the quality of deobfuscation.

AB - Taint analysis has a wide variety of applications in software analysis, making the precision of taint analysis an important consideration. Current taint analysis algorithms, including previous work on bit-precise taint analyses, suffer from shortcomings that can lead to significant loss of precision (under/over tainting) in some situations. This paper discusses these limitations of existing taint analysis algorithms, shows how they can lead to imprecise taint propagation, and proposes a generalization of current bit-level taint analysis techniques to address these problems and improve their precision. Experiments using a deobfuscation tool indicate that our enhanced taint analysis algorithm leads to significant improvements in the quality of deobfuscation.

KW - Program Understanding

KW - Reverse Engineering

KW - Taint Analysis

UR - http://www.scopus.com/inward/record.url?scp=84924874077&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84924874077&partnerID=8YFLogxK

U2 - 10.1109/SCAM.2014.43

DO - 10.1109/SCAM.2014.43

M3 - Conference contribution

AN - SCOPUS:84924874077

SN - 9780769553047

SP - 255

EP - 264

BT - Proceedings - 2014 14th IEEE International Working Conference on Source Code Analysis and Manipulation, SCAM 2014

PB - Institute of Electrical and Electronics Engineers Inc.

ER -

Access to Document

10.1109/SCAM.2014.43