A Taint Analysis Approach for Trace and Vulnerability Validation

Bibliographic Details
Published in: Jisuanji gongcheng
Main Author: QIN Biao, GUO Fan, YANG Chenxia
Format: Article
Language: English
Published: Editorial Office of Computer Engineering 2020-05-01
Online Access: https://www.ecice06.com/fileup/1000-3428/PDF/20200522.pdf
Description
Summary: Static analysis methods are widely used to detect privacy leaks in Android applications, and potential bugs are detected in the form of (Source, Sink), but many false alarms are generated as well. To address the problem, this paper proposes a context-sensitive and field-sensitive taint analysis approach. The operational semantics of taint propagation and the consistent constraints are formally defined to ensure that taint propagation is semantically correct. Trace segments generated after instrumenting and running an Android application are also analyzed to verify whether a potential bug is real. A prototype system is implemented based on Soot and tested on seventy applications from the DroidBench dataset. Experimental results show that the proposed method successfully verified four false positives and found eight false negatives, demonstrating that the proposed method is capable of verifying the correctness of static analysis results.
ISSN: 1000-3428