all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Beware of the Unexpected: Bimodal Taint Analysis. (arXiv:2301.10545v1 [cs.SE])

Add to bookmarks
Jan. 26, 2023, 2:10 a.m. | Yiu Wai Chow, Max Schäfer, Michael Pradel

cs.CR updates on arXiv.org arxiv.org

Static analysis is a powerful tool for detecting security vulnerabilities and
other programming problems. Global taint tracking, in particular, can spot
vulnerabilities arising from complicated data flow across multiple functions.
However, precisely identifying which flows are problematic is challenging, and
sometimes depends on factors beyond the reach of pure program analysis, such as
conventions and informal knowledge. For example, learning that a parameter
"name" of an API function "locale" ends up in a file path is surprising and
potentially problematic. …

analysis api beyond data flow function functions global knowledge name parameter precisely problems program program analysis programming security static analysis taint analysis tool tracking vulnerabilities

Visit resource

More from arxiv.org / cs.CR updates on arXiv.org

IDEA: Invariant Defense for Graph Adversarial Robustness 1 day, 20 hours ago | arxiv.org
adversarial arxiv cs.cr cs.lg +4
BELT: Old-School Backdoor Attacks can Evade the State-of-the-Art Defense with Backdoor Exclusivity Lifting 1 day, 20 hours ago | arxiv.org
art arxiv attackers attacks +19
ZTD$_{JAVA}$: Mitigating Software Supply Chain Vulnerabilities via Zero-Trust Dependencies 1 day, 20 hours ago | arxiv.org
accelerate application application development arxiv +26
A Generative Framework for Low-Cost Result Validation of Machine Learning-as-a-Service Inference 1 day, 20 hours ago | arxiv.org
applications arxiv as-a-service cost +23
PA-Boot: A Formally Verified Authentication Protocol for Multiprocessor Secure Boot 1 day, 20 hours ago | arxiv.org
arxiv attack attacks attack surface +18
FairCMS: Cloud Media Sharing with Fair Copyright Protection 1 day, 20 hours ago | arxiv.org
arxiv cloud cloud platform copyright +16
Efficient unitary designs and pseudorandom unitaries from permutations 1 day, 20 hours ago | arxiv.org
algorithm arxiv construction cs.cr +9
Efficient and Near-Optimal Noise Generation for Streaming Differential Privacy 1 day, 20 hours ago | arxiv.org
arxiv cs.cc cs.cr cs.ds +11
Privacy-Preserving Statistical Data Generation: Application to Sepsis Detection 1 day, 20 hours ago | arxiv.org
application artificial artificial intelligence arxiv +19

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Salesforce Solution Consultant

@ BeyondTrust | Remote United States
View on infosec-jobs.com

Divisional Deputy City Solicitor, Public Safety Compliance Counsel - Compliance and Legislation Unit

@ City of Philadelphia | Philadelphia, PA, United States
View on infosec-jobs.com

Security Engineer, IT IAM, EIS

@ Micron Technology | Hyderabad - Skyview, India
View on infosec-jobs.com

Security Analyst

@ Northwestern Memorial Healthcare | Chicago, IL, United States
View on infosec-jobs.com

Werkstudent Cybersecurity (m/w/d)

@ Brose Group | Bamberg, DE, 96052
View on infosec-jobs.com
View more jobs