Abstract
It is difficult to dynamically assess the runtime trustworthiness of a software program. Improperly validated user input is the underlying root cause for a wide variety of attacks on applications. This paper proposes an approach for constructing a trusted software behaviour model related with the input data for identifying and tracking the insecure information flows based on dynamic tainting analysis and dynamic slicing technology. It can tag and track user input at runtime and prevents its improper use to maliciously affect the execution of the program. We regard an instruction as a basic analysis unit and focus on information flow caused by variable assignment, the information flow of each instruction is defined as its behaviour specification. During the execution, instructions that use untrusted variable are tracked to determine whether the address modified by the instructions belongs to the specification or not. A method of extraction and checking of the behaviour specification was researched and designed. In order to prove for efficiency and performance of the model, a set of tests were conducted, and preliminary results show the validity of our approach.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
