[1] EVANS D. The Internet of things:how the next evolution of the Internet is changing everything[EB/OL].[2018-12-03]. https://www.cisco.com/c/dam/en_us/about/ac79/docs/innov/IoT_IBSG_0411FINAL.pdf. [2] 吴泽智,陈性元,杨智,等.信息流控制研究进展[J].软件学报,2017,28(1):135-159. (WU Z Z, CHEN X Y, YANG Z, et al. Survey on information flow control[J]. Journal of Software, 2017, 28(1):135-159.) [3] 王蕾,李丰,李炼,等.污点分析技术的原理和实践应用[J].软件学报,2017,28(4):860-882. (WANG L, LI F, LI L, et al. Principle and practice of taint analysis[J]. Journal of Software, 2017, 28(4):860-882.) [4] CLAUSE J, LI W, ORSO A. Dytan:a generic dynamic taint analysis framework[C]//Proceedings of the 2007 International Symposium on Software Testing and Analysis. New York:ACM, 2007:196-206. [5] LIVSHITS V B, LAM M S. Finding security vulnerabilities in Java applications with static analysis[C]//Proceedings of the 14th Conference on USENIX Security Symposium. Berkeley, CA:USENIX Association, 2005, 14:271-286. [6] TRIPP O, PISTOIA M, COUSOT P, et al. ANDROMEDA:accurate and scalable security analysis of Web applications[C]//Proceedings of the 2013 International Conference on Fundamental Approaches to Software Engineering, LNCS 7793. Berlin:Springer, 2013:210-225. [7] KINDER J, VEITH H. Jakstab:a static analysis platform for binaries[C]//Proceedings of the 2008 International Conference on Computer Aided Verification, LNCS 5123. Berlin:Springer, 2008:423-427. [8] XIA M, GONG L, LYU Y, et al. Effective real-time Android application auditing[C]//Proceedings of the 2015 IEEE Symposium on Security and Privacy. Washington, DC:IEEE Computer Society, 2015:899-914. [9] 黄强,曾庆凯.基于信息流策略的污点传播分析及动态验证[J].软件学报,2011,22(9):2036-2048. (HUANG Q, ZENG Q K. Taint propagation analysis and dynamic verification with information flow policy[J]. Journal of Software, 2011, 22(9):2036-2048.) [10] DALTON M, KANNAN H, KOZYRAKIS C. Raksha:a flexible information flow architecture for software security[C]//Proceedings of the 34th International Symposium on Computer Architecture. New York:ACM, 2007:482-493. [11] ZHU D (Y), JUNG J, SONG D, et al. TaintEraser:protecting sensitive data leaks using application-level taint tracking[J]. ACM SIDOPS Operating Systems Review, 2011, 45(1):142-154. [12] ENCK W, GILBERT P, CHUN B-G, et al. TaintDroid:an information flow tracking system for real-time privacy monitoring on smartphones[J]. Communications of the ACM, 2014, 57(3):99-106. [13] EFSTATHOPOULOS P, KROHN E, VANDEBOGART S, et al. Labels and event processes in the Asbestos operating system[J]. ACM SIGOPS Operating Systems Review, 2005, 39(5):17-30. [14] BELL J, KAISER G. Phosphor:illuminating dynamic data flow in commodity JVMs[J]. ACM SIGPLAN Notices, 2014, 49(10):83-101. [15] TRIPP O, PISTOIA M, FINK S J, et al. TAJ:effective taint analysis of Web applications[J]. ACM SIGPLAN Notices, 2009, 44(6):87-97. [16] 梁彬,龚伟刚,游伟,等. JavaScript优化编译执行模式下的动态污点分析技术[J].清华大学学报:自然科学版,2017(9):932-938. (LIANG B, HONG W G, YOU W, et al. DTA technique for JavaScript optimizing compilation mode[J]. Journal of Tsinghua University (Science and Technology), 2017, 57(9):932-938.) [17] YOON M, SALAJEGHEH N, CHEN Y, et al. PIFT:predictive Information-flow tracking[J]. ACM SIGARCH Computer Architecture News, 2016, 44(2):713-725. [18] GIBLER C, CRUSSELL J, ERICKSON J, et al. AndroidLeaks:automatically detecting potential privacy leaks in Android applications on a large scale[C]//Proceedings of the 2012 International Conference on Trust & Trustworthy Computing, LNCS 7344. Berlin:Springer, 2012:291-307. [19] LU L, LI Z C, WU Z Y, et al. CHEX:statically vetting Android apps for component hijacking vulnerabilities[C]//Proceedings of the 2012 ACM Conference on Computer & Communications Security. New York:ACM, 2012:229-240. [20] ARZT S, RASTHOFER S, FRITZ C, et al. FlowDroid:precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for Android apps[J]. ACM SIGPLAN Notices, 2014, 49(6):259-269. [21] OCTEAU D, MCDANIEL P, JHA S, et al. Effective inter-component communication mapping in Android with Epicc:an essential step towards holistic security analysis[C]//Proceedings of the 22nd USENIX Conference on Security. Berkeley, CA:USENIX Association, 2013:543-558. [22] 刘阳,俞研.基于动态污点分析的Android隐私泄露检测方法[J].计算机应用与软件,2017(9):142-146. (LIU Y, YU Y. Detection of Android privacy leak based on dynamic taint analysis[J]. Computer Applications and Software, 2017, 34(9):142-146.) [23] RATHI D, JINDAL R. DroidMark:a tool for android malware detection using taint analysis and Bayesian network[J]. International Journal on Recent and Innovation Trends in Computing and Communication. 2018, 6(5):71-76. [24] 达小文,毛俐旻,吴明杰,等.一种基于补丁比对和静态污点分析的漏洞定位技术研究[J]. 信息网络安全,2017(9):5-9. (DA X W, MAO L M, WU M J, et al. Research on a vulnerability locaction technology based on patch matching and static taint analysis[J]. Netinfo Security, 2017(9):5-9.) [25] 王允超,魏强,武泽慧.基于静态污点分析的Android应用Intent注入漏洞检测方法[J].计算机科学,2016,43(9):192-196. (WANG Y C, WEI Q, WU Z H. Approach of Android applications Intent injection vulnerability detection based on static taint analysis[J]. Computer Science, 2016, 43(9):192-196.) [26] PARAMESHWARAN I, BUDIANTO E, SHINDE S, et al. DexterJS:robust testing platform for DOM-based XSS vulnerabilities[C]//Proceedings of the 10th Joint Meeting on Foundations of Software Engineering. New York:ACM, 2015:946-949. [27] KANG M G, POOSANKAM P, YIN H. Renovo:a hidden code extractor for packed executables[C]//Proceedings of the 2007 ACM Workshop on Recuring Malcode. New York:ACM. 2007:46-53. [28] PORTOKALIDIS G, BOS H. Eudaemon:involuntary and on-demand emulation against zero-day exploits[C]//Proceedings of the 3rd ACM SIGOPS/EuroSys European Conference on Computer Systems. New York:ACM, 2008:287-299. [29] TRIPP O, RUBIN J. A Bayesian approach to privacy enforcement in smartphones[C]//Proceedings of the 23rd USENIX Conference on Security Symposium. Berkeley, CA:USENIX Association, 2014:175-190. [30] 马金鑫,李舟军,张涛,等.基于执行踪迹离线索引的污点分析方法研究[J].软件学报,2017,28(9):2388-2401. (MA J X, LI Z J, ZHAO T, et al. Taint analysis method based on offline indices of instruction trace[J]. Journal of Software, 2017, 28(9):2388-2401.) [31] BAI G, YE Q, WU Y, et al. Towards model checking Android applications[J]. IEEE Transactions on Software Engineering, 2018, 44(6):595-612. [32] GANAI M, LEE D, GUPTA A. DTAM:dynamic taint analysis of multi-threaded programs for relevancy[C]//Proceedings of the ACM SIGSOFT 20th International Symposium on the Foundations of Software Engineering. New York:ACM, 2012:No.46. [33] 董国良,臧洌,李航,等.一种应用于动态污点分析的路径自动生成方法[J].计算机与现代化,2017(7):32-37,41. (DONG G L, ZANG L, LI H, et al. A path automatic generation method for dynamic taint analysis[J]. Computer and Modernization, 2017(7):32-37, 41.) [34] SHOSHITAISHVILI Y, WANG R, SALLS C, et al. SOK:(state of) the art of war:offensive techniques in binary analysis[C]//Proceeddings of the 2016 IEEE Symposium on Security and Privacy. Washington, DC:IEEE Computer Society, 2016:138-157. [35] WANG Z, TANG Z, ZHOU K, et al. DsVD:an effective low-overhead dynamic software vulnerability discoverer[C]//Proceedings of the 10th International Symposium on Autonomous Decentralized Systems. Washington, DC:IEEE Computer Society, 2011:372-377. [36] 诸葛建伟,陈力波,田繁,等.基于类型的动态污点分析技术研究[J].清华大学学报(自然科学版),2012,52(10):1320-1334. (ZHUGE J W, CHEN L B, TIAN F, et al. Research of technology for type-based dynamic taint analysis[J]. Journal of Tsinghua University (Science and Technology), 2012, 52(10):1320-1334.) [37] 朱正欣,曾凡平,黄心依.二进制程序的动态符号化污点分析[J].计算机科学,2016,43(2):155-158,187. (ZHU Z X, ZENG F P, HUANG X Y. Dynamic symbolic taint analysis of binary programs[J]. Computer Science, 2016, 43(2):155-158,187.) [38] SONG D, BRUMLEY D, YIN H, et al. BitBlaze:a new approach to computer security via binary analysis[C]//Proceedings of the 2008 International Conference on Information Systems Security, LNCS 5352. Berlin:Springer, 2008:1-25. [39] 张玉清,方喆君,王凯,等.Android安全漏洞挖掘技术综述[J].计算机研究与发展,2015,52(10):2167-2177. (ZHANG Y Q, FANG Z J, WANG K, et al. Survey of Android vulnerability detection[J]. Journal of Computer Research and Development, 2015, 52(10):2167-2177.) [40] ZHENG C, ZHU S, DAI S, et al. SmartDroid:an automatic system for revealing UI-based trigger conditions in Android applications[C]//Proceedings of the 2nd ACM Workshop on Security and Privacy in Smartphones and Mobile Devices. New York:ACM, 2012:93-104. [41] BHORASKAR R, HAN S, JEON J, et al. Brahmastra:driving Apps to test the security of third-party components[C]//Proceedings of the 23nd USENIX Security Symposium. Berkeley,CA:USENIX Association 2014:1021-1036. [42] GANESH V, LEEK T, RINARD M. Taint-based directed whitebox fuzzing[C]//Proceedings of the 31st IEEE International Conference on Software Engineering. Washington, DC:IEEE Computer Society, 2009:474-484. [43] WANG T, WEI T, GU G, et al. Checksum-aware fuzzing combined with dynamic taint analysis and symbolic execution[J]. ACM Transactions on Information & System Security, 2011, 14(2):No.15. [44] SCHVTTE J, BROST G S. LUCON:data flow control for message-based IoT systems[J]. arXiv E-print, 2018:arXiv:1805.05887. |