Bit-level taint analysis

Babak Yadegari; Saumya Debray

doi:10.1109/SCAM.2014.43

Bit-level taint analysis

Babak Yadegari, Saumya Debray

Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

22 Scopus citations

Abstract

Taint analysis has a wide variety of applications in software analysis, making the precision of taint analysis an important consideration. Current taint analysis algorithms, including previous work on bit-precise taint analyses, suffer from shortcomings that can lead to significant loss of precision (under/over tainting) in some situations. This paper discusses these limitations of existing taint analysis algorithms, shows how they can lead to imprecise taint propagation, and proposes a generalization of current bit-level taint analysis techniques to address these problems and improve their precision. Experiments using a deobfuscation tool indicate that our enhanced taint analysis algorithm leads to significant improvements in the quality of deobfuscation.

Original language	English (US)
Title of host publication	Proceedings - 2014 14th IEEE International Working Conference on Source Code Analysis and Manipulation, SCAM 2014
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	255-264
Number of pages	10
ISBN (Electronic)	9780769553047
DOIs	https://doi.org/10.1109/SCAM.2014.43
State	Published - Dec 4 2014
Event	14th IEEE International Working Conference on Source Code Analysis and Manipulation, SCAM 2014 - Victoria, Canada Duration: Sep 28 2014 → Sep 29 2014

Publication series

Name	Proceedings - 2014 14th IEEE International Working Conference on Source Code Analysis and Manipulation, SCAM 2014

Other

Other	14th IEEE International Working Conference on Source Code Analysis and Manipulation, SCAM 2014
Country/Territory	Canada
City	Victoria
Period	9/28/14 → 9/29/14

Keywords

Program Understanding
Reverse Engineering
Taint Analysis

ASJC Scopus subject areas

Software
Computer Science Applications

Access to Document

10.1109/SCAM.2014.43

Cite this

Yadegari, B., & Debray, S. (2014). Bit-level taint analysis. In Proceedings - 2014 14th IEEE International Working Conference on Source Code Analysis and Manipulation, SCAM 2014 (pp. 255-264). [6975659] (Proceedings - 2014 14th IEEE International Working Conference on Source Code Analysis and Manipulation, SCAM 2014). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/SCAM.2014.43

Bit-level taint analysis. / Yadegari, Babak; Debray, Saumya.

Proceedings - 2014 14th IEEE International Working Conference on Source Code Analysis and Manipulation, SCAM 2014. Institute of Electrical and Electronics Engineers Inc., 2014. p. 255-264 6975659 (Proceedings - 2014 14th IEEE International Working Conference on Source Code Analysis and Manipulation, SCAM 2014).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Yadegari, B & Debray, S 2014, Bit-level taint analysis. in Proceedings - 2014 14th IEEE International Working Conference on Source Code Analysis and Manipulation, SCAM 2014., 6975659, Proceedings - 2014 14th IEEE International Working Conference on Source Code Analysis and Manipulation, SCAM 2014, Institute of Electrical and Electronics Engineers Inc., pp. 255-264, 14th IEEE International Working Conference on Source Code Analysis and Manipulation, SCAM 2014, Victoria, Canada, 9/28/14. https://doi.org/10.1109/SCAM.2014.43

Yadegari B, Debray S. Bit-level taint analysis. In Proceedings - 2014 14th IEEE International Working Conference on Source Code Analysis and Manipulation, SCAM 2014. Institute of Electrical and Electronics Engineers Inc. 2014. p. 255-264. 6975659. (Proceedings - 2014 14th IEEE International Working Conference on Source Code Analysis and Manipulation, SCAM 2014). https://doi.org/10.1109/SCAM.2014.43

@inproceedings{0709662152854271889f005b7d5f4939,

title = "Bit-level taint analysis",

abstract = "Taint analysis has a wide variety of applications in software analysis, making the precision of taint analysis an important consideration. Current taint analysis algorithms, including previous work on bit-precise taint analyses, suffer from shortcomings that can lead to significant loss of precision (under/over tainting) in some situations. This paper discusses these limitations of existing taint analysis algorithms, shows how they can lead to imprecise taint propagation, and proposes a generalization of current bit-level taint analysis techniques to address these problems and improve their precision. Experiments using a deobfuscation tool indicate that our enhanced taint analysis algorithm leads to significant improvements in the quality of deobfuscation.",

keywords = "Program Understanding, Reverse Engineering, Taint Analysis",

author = "Babak Yadegari and Saumya Debray",

note = "Publisher Copyright: {\textcopyright} 2014 IEEE.; 14th IEEE International Working Conference on Source Code Analysis and Manipulation, SCAM 2014 ; Conference date: 28-09-2014 Through 29-09-2014",

year = "2014",

month = dec,

day = "4",

doi = "10.1109/SCAM.2014.43",

language = "English (US)",

series = "Proceedings - 2014 14th IEEE International Working Conference on Source Code Analysis and Manipulation, SCAM 2014",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "255--264",

booktitle = "Proceedings - 2014 14th IEEE International Working Conference on Source Code Analysis and Manipulation, SCAM 2014",

}

TY - GEN

T1 - Bit-level taint analysis

AU - Yadegari, Babak

AU - Debray, Saumya

PY - 2014/12/4

Y1 - 2014/12/4

N2 - Taint analysis has a wide variety of applications in software analysis, making the precision of taint analysis an important consideration. Current taint analysis algorithms, including previous work on bit-precise taint analyses, suffer from shortcomings that can lead to significant loss of precision (under/over tainting) in some situations. This paper discusses these limitations of existing taint analysis algorithms, shows how they can lead to imprecise taint propagation, and proposes a generalization of current bit-level taint analysis techniques to address these problems and improve their precision. Experiments using a deobfuscation tool indicate that our enhanced taint analysis algorithm leads to significant improvements in the quality of deobfuscation.

AB - Taint analysis has a wide variety of applications in software analysis, making the precision of taint analysis an important consideration. Current taint analysis algorithms, including previous work on bit-precise taint analyses, suffer from shortcomings that can lead to significant loss of precision (under/over tainting) in some situations. This paper discusses these limitations of existing taint analysis algorithms, shows how they can lead to imprecise taint propagation, and proposes a generalization of current bit-level taint analysis techniques to address these problems and improve their precision. Experiments using a deobfuscation tool indicate that our enhanced taint analysis algorithm leads to significant improvements in the quality of deobfuscation.

KW - Program Understanding

KW - Reverse Engineering

KW - Taint Analysis

UR - http://www.scopus.com/inward/record.url?scp=84924874077&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84924874077&partnerID=8YFLogxK

U2 - 10.1109/SCAM.2014.43

DO - 10.1109/SCAM.2014.43

M3 - Conference contribution

AN - SCOPUS:84924874077

T3 - Proceedings - 2014 14th IEEE International Working Conference on Source Code Analysis and Manipulation, SCAM 2014

SP - 255

EP - 264

BT - Proceedings - 2014 14th IEEE International Working Conference on Source Code Analysis and Manipulation, SCAM 2014

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 14th IEEE International Working Conference on Source Code Analysis and Manipulation, SCAM 2014

Y2 - 28 September 2014 through 29 September 2014

ER -

Bit-level taint analysis

Abstract

Publication series

Other

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Cite this