Improving Accuracy and Completeness of Source Code Static Taint Analysis

Title: Improving Accuracy and Completeness of Source Code Static Taint Analysis
Publication Type: Conference Paper
Year of Publication: 2021
Authors: Shimchik, N. V., Ignatyev, V. N., Belevantsev, A. A.
Conference Name: 2021 Ivannikov Ispras Open Conference (ISPRAS)
Date Published: December
Keywords: codes, composability, Human Behavior, Metrics, Programming, pubcrawl, Resiliency, static analysis, static code analysis, taint analysis, vulnerabilities
Abstract

Static analysis is a general name for various methods of examining a program without actually executing it. In particular, it is widely used to discover errors and vulnerabilities in software. Taint analysis usually denotes tracking the flow of untrusted (user-provided) data through a program in order to find places where it reaches a dangerous operation without being validated; it can be performed either statically or dynamically. In the paper we evaluate several improvements for the static taint analyzer Irbis [1], which is based on a special case of the interprocedural graph reachability problem, the so-called IFDS problem originally proposed by Reps et al. [2]. The analyzer is currently being developed at the Ivannikov Institute for System Programming of the Russian Academy of Sciences (ISP RAS). The evaluation is based on several real projects with known vulnerabilities and on a subset of the Juliet Test Suite for C/C++ [3]. The chosen subset consists of more than 5,000 tests for 11 different CWEs.
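To make the "taint analysis as graph reachability" formulation concrete, here is an added toy example (not code from the paper or from Irbis) that runs an IFDS-style worklist over a small control-flow graph. Dataflow facts are variable names ("may hold untrusted data") plus the distinguished always-true fact ZERO, from which taint is generated at sources; a variable is tainted at a node exactly when (node, fact) is reachable from (entry, ZERO). The statement forms, the `flow` function, the `analyze` function and the two sample programs are all constructed here for illustration; real IFDS additionally handles call/return edges and procedure summaries, which this intraprocedural toy omits.

```python
"""Toy static taint analysis as reachability over an "exploded" CFG.

Constructed example: a statement is one CFG node; facts are variable names
or ZERO. Each (node, fact) pair is a node of the exploded graph, and the
per-fact flow function below defines its outgoing edges. Taint at a node
is reachability from (entry, ZERO), mirroring the IFDS formulation.
"""
from collections import deque

ZERO = "<0>"  # distinguished always-reachable fact (the IFDS "0" node)

# Toy IR (assumed here, not Irbis's representation):
#   ("source", dst)         dst := untrusted input
#   ("assign", dst, src)    dst := src
#   ("sanitize", dst, src)  dst := sanitize(src), result is clean
#   ("sink", var)           var is passed to a dangerous operation
#   ("nop",)                branch point / no effect


def flow(stmt, fact):
    """Facts that hold after `stmt` given that `fact` held before it."""
    kind = stmt[0]
    if kind == "source":
        dst = stmt[1]
        if fact == ZERO:
            return {ZERO, dst}              # gen: taint is born from the 0 fact
        return set() if fact == dst else {fact}   # dst is overwritten
    if kind == "assign":
        dst, src = stmt[1], stmt[2]
        if fact == dst:
            return set()                    # kill: dst is redefined
        if fact == src:
            return {src, dst}               # gen: taint flows src -> dst
        return {fact}
    if kind == "sanitize":
        dst = stmt[1]
        return set() if fact == dst else {fact}   # dst is clean afterwards
    return {fact}                            # sink / nop: identity


def analyze(cfg, entry):
    """cfg: {node: (stmt, [successor nodes])}.

    Returns (tainted_before, findings): tainted_before[n] is the set of
    variables that may be tainted on entry to n; findings lists
    (node, variable) pairs where a tainted variable reaches a sink.
    """
    reached = {n: set() for n in cfg}
    reached[entry].add(ZERO)
    work = deque([(entry, ZERO)])
    while work:                              # worklist over exploded-graph nodes
        node, fact = work.popleft()
        stmt, succs = cfg[node]
        for out in flow(stmt, fact):
            for s in succs:
                if out not in reached[s]:
                    reached[s].add(out)
                    work.append((s, out))
    findings = sorted(
        (n, stmt[1]) for n, (stmt, _) in cfg.items()
        if stmt[0] == "sink" and stmt[1] in reached[n]
    )
    tainted = {n: facts - {ZERO} for n, facts in reached.items()}
    return tainted, findings


# Constructed sample: one branch sanitizes the input, the other does not,
# so the path-insensitive analysis must report the sink.
VULNERABLE = {
    "n0": (("source", "user_input"), ["n1"]),
    "n1": (("nop",), ["n2", "n3"]),                      # if (...)
    "n2": (("assign", "query", "user_input"), ["n4"]),   # raw copy
    "n3": (("sanitize", "query", "user_input"), ["n4"]), # escaped copy
    "n4": (("sink", "query"), ["n5"]),                   # e.g. run_query()
    "n5": (("nop",), []),
}

# Same program with both branches sanitizing: no tainted fact reaches n4.
FIXED = dict(VULNERABLE)
FIXED["n2"] = (("sanitize", "query", "user_input"), ["n4"])

if __name__ == "__main__":
    for name, cfg in (("vulnerable", VULNERABLE), ("fixed", FIXED)):
        tainted, findings = analyze(cfg, "n0")
        print(name, "tainted at n4:", sorted(tainted["n4"]), "findings:", findings)
```

Because the flow function is defined per fact, it is distributive, which is the property the IFDS framework relies on to make interprocedural reachability tractable; adding call and return edges with summary facts would turn this toy into the interprocedural form the abstract refers to.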

DOI: 10.1109/ISPRAS53967.2021.00014
Citation Key: shimchik_improving_2021