Abstract
Dynamic information flow tracking is a positive step towards the prevention of untrusted data injection and protection from possible exploits of such data. This emphasizes the importance of tracking the suspicious data flows at run-time to ensure neither the exploitation of data nor security violation. In this work, we have contemplated enhancing the competence of Static Taint Tracking (STT) to seamlessly support Dynamic Taint Tracking (DTT) using data flow analysis. The concept of definition-used (def-use) is used for source code analysis to capture the potential taint propagation paths represented using the Data Flow Graph (DFG). The extracted paths from the DFG provides prior information about all the potential taint propagation paths which extensively needed to be considered for DTT. We have tested our proposed methodology on some well-known benchmarks such as Firefox, SQLite3, Gzip, and Zlib. It is observed that the proposed method can identify all potential taint source propagation paths that cover pointers, branch conditions, inter-procedure, and inter-module data flows. The evaluation results show that this work will be very useful in guiding the dynamic taint tracking to achieve efficient and accurate detection of suspicious information flow.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
