TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones
OSDI'10 Proceedings of the 9th USENIX conference on Operating systems design and implementation
TaintEraser: protecting sensitive data leaks using application-level taint tracking
ACM SIGOPS Operating Systems Review
Symbolic execution for software testing in practice: preliminary assessment
Proceedings of the 33rd International Conference on Software Engineering
GuardRails: a data-centric web application security framework
WebApps'11 Proceedings of the 2nd USENIX conference on Web application development
Vulnerability extrapolation: assisted discovery of vulnerabilities using machine learning
WOOT'11 Proceedings of the 5th USENIX conference on Offensive technologies
Q: exploit hardening made easy
SEC'11 Proceedings of the 20th USENIX conference on Security
JACKSTRAWS: picking command and control connections from bot traffic
SEC'11 Proceedings of the 20th USENIX conference on Security
BAP: a binary analysis platform
CAV'11 Proceedings of the 23rd international conference on Computer aided verification
A systematic analysis of XSS sanitization in web application frameworks
ESORICS'11 Proceedings of the 16th European conference on Research in computer security
Linear obfuscation to combat symbolic execution
ESORICS'11 Proceedings of the 16th European conference on Research in computer security
SCRIPTGARD: automatic context-sensitive sanitization for large-scale legacy web applications
Proceedings of the 18th ACM conference on Computer and communications security
Defining code-injection attacks
POPL '12 Proceedings of the 39th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Minemu: the world's fastest taint tracker
RAID'11 Proceedings of the 14th international conference on Recent Advances in Intrusion Detection
Precomputing possible configuration error diagnoses
ASE '11 Proceedings of the 2011 26th IEEE/ACM International Conference on Automated Software Engineering
Static detection of unsafe component loadings
CC'12 Proceedings of the 21st international conference on Compiler Construction
CloudFilter: practical control of sensitive data propagation to the cloud
Proceedings of the 2012 ACM Workshop on Cloud computing security workshop
PeerPress: utilizing enemies' P2P strength against them
Proceedings of the 2012 ACM conference on Computer and communications security
Automatic generation of vaccines for malware immunization
Proceedings of the 2012 ACM conference on Computer and communications security
Understanding the behavior of database operations under program control
Proceedings of the ACM international conference on Object oriented programming systems languages and applications
DTAM: dynamic taint analysis of multi-threaded programs for relevancy
Proceedings of the ACM SIGSOFT 20th International Symposium on the Foundations of Software Engineering
THAPS: automated vulnerability scanning of PHP applications
NordSec'12 Proceedings of the 17th Nordic conference on Secure IT Systems
Taint analysis of security code in the KLEE symbolic execution engine
ICICS'12 Proceedings of the 14th international conference on Information and Communications Security
iBinHunt: binary hunting with inter-procedural control flow
ICISC'12 Proceedings of the 15th international conference on Information Security and Cryptology
State of the art: Dynamic symbolic execution for automated test generation
Future Generation Computer Systems
Inlined monitors for security policy enforcement in web applications
Proceedings of the 17th Panhellenic Conference on Informatics
Chucky: exposing missing checks in source code for vulnerability discovery
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Machine code verification of a tiny ARM hypervisor
Proceedings of the 3rd international workshop on Trustworthy embedded devices
MetaSymploit: day-one defense against script-based attacks with security-enhanced symbolic analysis
SEC'13 Proceedings of the 22nd USENIX conference on Security
Systematic audit of third-party android phones
Proceedings of the 4th ACM conference on Data and application security and privacy
User-defined backtracking criteria for symbolic execution
ACM SIGSOFT Software Engineering Notes
| Hi-index | 0.00 |
Dynamic taint analysis and forward symbolic execution are quickly becoming staple techniques in security analyses. Example applications of dynamic taint analysis and forward symbolic execution include malware analysis, input filter generation, test case generation, and vulnerability discovery. Despite the widespread usage of these two techniques, there has been little effort to formally define the algorithms and summarize the critical issues that arise when these techniques are used in typical security contexts. The contributions of this paper are two-fold. First, we precisely describe the algorithms for dynamic taint analysis and forward symbolic execution as extensions to the run-time semantics of a general language. Second, we highlight important implementation choices, common pitfalls, and considerations when using these techniques in a security context.