TASEL: Dynamic Taint Analysis with selective control dependency

Byeongho Kang, Tae Guen Kim, Boo Joong Kang, Eul Gyu Im, Minsoo Ryu

Research output: Chapter in Book/Report/Conference proceedingConference contribution

4 Scopus citations

Abstract

Dynamic Taint Analysis (DTA) is an approach used for software testing and vulnerability analysis. The vanilla DTA method is widely used, but its simple taint propagation does not consider any control dependency. Therefore, vanilla DTA generally suffers from the under-tainting caused by control dependency. The under-tainting can be problematic when analyzers try to check vulnerabilities of software. In this paper, we propose Dynamic Taint Analysis with Selective Control Dependency (TASEL), to mitigate the under-tainting problem caused by control dependency. Our technique detects control-dependent data which have possibilities to change the program's control flows. We implemented TASEL using Intel Pin, and applied it for the commodity programs such as Microsoft Notepad. Experimental results show our proposed method successfully resolves the under-tainting problem, without causing the over-tainting problem.

Original languageEnglish
Title of host publicationProceedings of the 2014 Research in Adaptive and Convergent Systems, RACS 2014
PublisherAssociation for Computing Machinery, Inc
Pages272-277
Number of pages6
ISBN (Electronic)9781450330602
DOIs
Publication statusPublished - 2014 Jan 1
Event2014 Conference on Research in Adaptive and Convergent Systems, RACS 2014 - Towson, United States
Duration: 2014 Oct 52014 Oct 8

Other

Other2014 Conference on Research in Adaptive and Convergent Systems, RACS 2014
CountryUnited States
CityTowson
Period14/10/514/10/8

    Fingerprint

Keywords

  • Binary file analysis
  • Control dependency
  • Dynamic Taint Analysis
  • Software analysis
  • Vulnerability analysis

Cite this

Kang, B., Kim, T. G., Kang, B. J., Im, E. G., & Ryu, M. (2014). TASEL: Dynamic Taint Analysis with selective control dependency. In Proceedings of the 2014 Research in Adaptive and Convergent Systems, RACS 2014 (pp. 272-277). Association for Computing Machinery, Inc. https://doi.org/10.1145/2663761.2664219