Jaint: A Framework for User-Defined Dynamic Taint-Analyses based on Dynamic Symbolic Execution of Java Programs

Bibliographic details
Title: Jaint: A Framework for User-Defined Dynamic Taint-Analyses based on Dynamic Symbolic Execution of Java Programs
Authors: Mues, Malte, Schallau, Till, Howar, Falk
Contributors: Koziolek, Anne, Schaefer, Ina, Seidl, Christoph
Publisher information: Gesellschaft für Informatik e.V.
Publication year: 2021
Subjects: Dynamic Symbolic Execution, Domain Specific Languages, Java Bytecode Analysis, Dynamic Taint Analysis
Description: We summarize the paper "Jaint: A Framework for User-Defined Dynamic Taint-Analyses Based on Dynamic Symbolic Execution of Java Programs", published at the sixteenth international conference on integrated formal methods in November 2020. Reliable and scalable methods for security analyses of Java applications are an important enabler for a secure digital infrastructure. In this paper, we present a security analysis that integrates dynamic symbolic execution and dynamic multi-colored taint analysis of Java programs, combining the precision of dynamic analysis with the exhaustive exploration of symbolic execution. We implement the approach in the Jaint tool, based on JDart, a dynamic symbolic execution engine for Java PathFinder, and evaluate its performance by comparing precision and runtimes to other research tools on the OWASP benchmark set. The paper also presents a domain-specific language for taint analyses that is more expressive than the source and sink specifications found in publicly available tools and enables precise, CWE-specific specification of undesired data flows. This summary presents Jaint’s language and the evaluation.
Document type: other/unknown material
File description: application/pdf
Language: English
Relation: Software Engineering 2021; Lecture Notes in Informatics (LNI) - Proceedings, Volume P-310; https://dl.gi.de/handle/20.500.12116/34522
DOI: 10.18420/SE2021_27
Availability: https://dl.gi.de/handle/20.500.12116/34522
https://hdl.handle.net/20.500.12116/34522
https://doi.org/10.18420/SE2021_27
Accession number: edsbas.C10369B0
Database: BASE