In this paper,based on a flow and context-sensitive SSA(static single assignment) information-flow analysis,a fine-grained and scalable approach is proposed for taint propagation analysis,which can not only track tainted data and its propagation path with control and data-flow properties,but also detect the vulnerabilities such as buffer overflow and format string bugs successfully.During the analysis,pieces of code considered vulnerable are instrumented with dynamic verification routines,so that runtime security is guaranteed in the absence of user intervention.The analysis system is implemented as an extension of GCC compiler,and the experiments have proven that this approach is efficient,holding both optimized accuracy and time-space cost.
Read full abstract