Journal of Computer Applications, 2019, Vol. 39, Issue (8): 2302-2309. DOI: 10.11772/j.issn.1001-9081.2019020238

• Cyber security •

Survey on taint analysis technology

REN Yuzhu1,2, ZHANG Youwei3, AI Chengwei1,2   

  1. School of Cyber Security, Information Engineering University, Zhengzhou Henan 450001, China;
    2. State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou Henan 450001, China;
    3. Advanced Technology Research Institute of Zhengzhou Xinda, Zhengzhou Henan 450001, China
  • Received:2019-02-18 Revised:2019-04-12 Online:2019-05-14 Published:2019-08-10

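  • Corresponding author: REN Yuzhu
  • About the authors: REN Yuzhu (born 1985), male, from Laizhou, Shandong, master's degree candidate, main research interests: reverse engineering, vulnerability discovery; ZHANG Youwei (born 1975), male, from Jingzhou, Hubei, lecturer, master's degree, main research interests: reverse engineering, electronic forensics, data recovery; AI Chengwei (born 1990), male, from Yiyang, Hunan, master's degree candidate, main research interests: reverse engineering, vulnerability discovery.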

Abstract: Taint analysis technology is an important method to protect private data security and realize vulnerability detection, and it is also a hot area of information security research. The research status and development of taint analysis technology in recent years were summarized. The theoretical basis of taint analysis, the basic concepts, key technologies and research progress of static taint analysis and dynamic taint analysis were introduced. From the perspective of the implementation, the implementation methods, core ideas, advantages and disadvantages of four taint analysis technologies based on hardware, software, virtual environment and code were expounded; from the perspective of the flow of taint data, two typical applications in related fields, privacy data leakage detection and vulnerability detection, were outlined. Finally, the shortcomings of taint analysis were briefly analyzed, and the research prospects and development trends of the technology were predicted.

Key words: information flow analysis, static taint analysis, dynamic taint analysis, privacy data, vulnerability discovery

