A Method of Tainted Data Detection Based on Static Code Analysis
- DOI
- 10.2991/icmmcce-15.2015.435
- Keywords
- security, static analysis, tainted data.
- Abstract
In modern society, with the rapid development of computer science and technology, the Internet economy has spread around the world and computer software is used in every corner of our lives. As applications emerge endlessly, people pay more and more attention to software security. Tainted data, which comes from external input variables and is used by some function without its legitimacy being checked, is a kind of code security defect. In this paper, the author provides a detailed analysis and classification of the causes of this security defect and introduces a method of tainted data detection based on static code analysis. The detection method first preprocesses the code to create an abstract syntax tree, symbol table, control flow graph and function call graph. To analyze the relationships between function calls, the author uses function summaries instead of expanding the functions. Finally, the method is applied to some open source projects, and the experiment shows that it has both a lower false positive rate and a lower false negative rate.
- Copyright
- © 2015, the Authors. Published by Atlantis Press.
- Open Access
- This is an open access article distributed under the CC BY-NC license (http://creativecommons.org/licenses/by-nc/4.0/).
Cite this article
TY - CONF
AU - Yifei Xiao
AU - Dahai Jin
AU - Dalin Zhang
PY - 2015/12
DA - 2015/12
TI - A Method of Tainted Data Detection Based on Static Code Analysis
BT - Proceedings of the 4th International Conference on Mechatronics, Materials, Chemistry and Computer Engineering 2015
PB - Atlantis Press
SP - 1271
EP - 1276
SN - 2352-538X
UR - https://doi.org/10.2991/icmmcce-15.2015.435
DO - 10.2991/icmmcce-15.2015.435
ID - Xiao2015/12
ER -