Finer-grained taint analysis method based on reverse computing

doi:10.3969/j.issn.1000-1565.2019.04.016

Abstract

Abstract: The precision is a core consideration in dynamic taint analysis.Current dynamic taint analysis algorithms, including previous studies on bit-level dynamic taint analysis, have more or less defects that can lead to serious lack of precision, and the lack of precision directly leads to over-tainting problem.This paper discusses the limitations of the traditional dynamic taint analysis algorithm, and explains the causes of over-tainting during the taint propagation, and proposes a reverse-computing finer-grained dynamic taint analysis algorithm to generate the strategy of taint propagation.Experiments using the deobfuscation tool show that the dynamic taint analysis algorithm proposed in this paper can reduce code redundancy by 50% and significantly avoid the problem of over-tainting.

Key words: dynamic taint analysis, deobfuscation code, reverse computing, over-tainting

CLC Number:

TP309

QU Xueqing, ZHANG Shengchang. Finer-grained taint analysis method based on reverse computing[J]. Journal of Hebei University (Natural Science Edition), 2019, 39(4): 437-443.

References

[1] NEWSOME J, SONG D. Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software[C] //In Proceedings of the 12th Network and Distributed System Security Symposium. 2005, 5: 3-4.
[2] KEMERLIS V P, PORTOKALIDIS G, JEE K, et al. Libdft:practical dynamic data flow tracking for commodity systems[Z].The 8th ACM SIGPLAN/SIGOPS Conference on Virtual Execution Environments, London, England, 2012. DOI: 10.1145/2151024.2151042.
[3] DYCHKA I, TEREIKOVSKYI I, TEREIKOVSKA L, et al. Deobfuscation of computer virus malware code with value state dependence graph[C] //International Conference on Computer Science, Engineering and Education Applications, Springer, Cham, 2018:370-379.DOI:10.1007/978-3-319-91008-6_37.
[4] SHENEAMER A, ROY S, KALITA J. A detection framework for semantic code clones and obfuscated code[J]. Expert Systems With Applications, 2018, 97: 405-420.DOI:10.1016/j.eswa.2017.12.040.
[5] NETHERCOTE N, SEWARD J. Valgrind:A framework for heavyweight dynamic binary instrumentation[J]. AcmSigplan Notices, 2007, 42(6):89-100. DOI:10.1145/1273442.1250746.
[6] CAI J, ZOU P, XIONG D, et al. A guided fuzzing approach for security testing of network protocol software[Z]. 6th IEEE International Conference on Software Engineering and Service Science(ICSESS), Beijing, 2015. DOI: 10.1109/ICSESS.2015.7339160.
[7] CLAUSE J, LI W, ORSO A. Dytan: a generic dynamic taint analysis framework[Z].The 2007 International Symposium on Software Testing and Analysis,ACM,New York, 2007. DOI: 10.1145/1273463.1273490.
[8] ENCK W, GILBERT P, CHUN B G, et al. TaintDroid: an information-flow tracking system for real-time privacy monitoring on smartphones[J]. Transactions on Computer Systems, ACM,New York, 2014,32(2):1-29.DOI: 10.1145 / 2494522.
[9] DAI P, PAN Z, LI Y. A review of researching on dynamic taint analysis technique[Z].2018 3rd Joint International Information Technology, Mechanical and Electronic Engineering Conference, Paris, France,2018.. DOI:10.2991/jimec-18.2018.25.
[10] BANESCU S, COLLBERG C, GANESH V, et al. Code obfuscation against symbolic execution attacks[Z]. The 32nd Annual Conference on Computer Security Applications,ACM, New York, USA,2016. DOI:10.1145/2991079.2991114.
[11] 王蕾, 李丰, 李炼, 等. 污点分析技术的原理和实践应用[J]. 软件学报, 2017, 28(4):860-882.DOI: 10.13328/j.cnki.jos.005190.
[12] YADEGARI B, JOHANNESMEYER B, WHITELY B, et al. A generic approach to automatic deobfuscation of executable code[Z].IEEE Symposium on Security and Privacy, 2015. New York, USA. DOI:10.1109/SP.2015.47.
[13] YADEGARI B, DEBRAY S. Bit-level taint analysis[Z].IEEE International Working Conference on Source Code Analysis and Manipulation, Victoria, BC, Canada, 2014.DOI:10.1109/scam.2014.43.
[14] XU Z, SHI C, CHENG C C, et al. A dynamic taint analysis tool for android app forensics[Z].2018 IEEE Security and Privacy Workshops(SPW), San Francisco, 2018.DOI:10.1109/SPW.2018.00031.