Beware of the Unexpected: Bimodal Taint Analysis. (arXiv:2301.10545v1 [cs.SE])
cs.CR updates on arXiv.org (arxiv.org)
Static analysis is a powerful tool for detecting security vulnerabilities and
other programming problems. Global taint tracking, in particular, can spot
vulnerabilities arising from complicated data flow across multiple functions.
However, precisely identifying which flows are problematic is challenging, and
sometimes depends on factors beyond the reach of pure program analysis, such as
conventions and informal knowledge. For example, learning that a parameter
"name" of an API function "locale" ends up in a file path is surprising and
potentially problematic. …