ConDySTA: Context-Aware Dynamic Supplement to Static Taint Analysis

Title: ConDySTA: Context-Aware Dynamic Supplement to Static Taint Analysis
Publication Type: Conference Paper
Year of Publication: 2021
Authors: Zhang, Xueling; Wang, Xiaoyin; Slavin, Rocky; Niu, Jianwei
Conference Name: 2021 IEEE Symposium on Security and Privacy (SP)
Keywords: Benchmark testing, composability, Context Sensitivity, Dynamic Supplement, Heuristic algorithms, Metrics, privacy, pubcrawl, Sensitivity, Software systems, static analysis, taint analysis, Tools
Abstract: Static taint analyses are widely-applied techniques to detect taint flows in software systems. Although they are theoretically conservative and designed to detect all possible taint flows, static taint analyses almost always exhibit false negatives due to a variety of implementation limitations. Dynamic programming language features, inaccessible code, and the usage of multiple programming languages in a software project are some of the major causes. To alleviate this problem, we developed a novel approach, DySTA, which uses dynamic taint analysis results as additional sources for static taint analysis. However, naively adding sources causes static analysis to lose context sensitivity and thus produce false positives. Thus, we developed a hybrid context matching algorithm and corresponding tool, ConDySTA, to preserve context sensitivity in DySTA. We applied REPRODROID [1], a comprehensive benchmarking framework for Android analysis tools, to evaluate ConDySTA. The results show that across 28 apps (1) ConDySTA was able to detect 12 out of 28 taint flows which were not detected by any of the six state-of-the-art static taint analyses considered in ReproDroid, and (2) ConDySTA reported no false positives, whereas nine were reported by DySTA alone. We further applied ConDySTA and FlowDroid to 100 top Android apps from Google Play, and ConDySTA was able to detect 39 additional taint flows (besides 281 taint flows found by FlowDroid) while preserving the context sensitivity of FlowDroid.
DOI: 10.1109/SP40001.2021.00040
Citation Key: zhang_condysta_2021