Context-sensitive taint analysis
Abstract
A taint processing applied to a tainted value of an application is identified and an output context of the application associated with output of the tainted value is determined. It is determined whether the taint processing is effective in mitigating a security vulnerability caused by the tainted value for the output context.
228 Citations
22 Claims
1. A non-transitory processor-readable medium storing code that when executed by at least one processor causes the at least one processor to:
- identify a taint processing applied to a tainted value of an application;
- determine a first output context of the application associated with output of the tainted value from the application;
- determine whether the taint processing is effective in mitigating a security vulnerability caused by the tainted value for the first output context, wherein the application includes a plurality of output contexts including the first output context; and
- generate a notification if the taint processing is determined to be ineffective in mitigating the security vulnerability caused by the tainted value for the first output context, wherein the taint processing is ineffective in mitigating the security vulnerability caused by the tainted value for the first output context, but the taint processing is effective in mitigating the security vulnerability caused by the tainted value for another of the plurality of output contexts.

Dependent claims: 2, 3, 4, 5, 6, 13, 14, 15, 16, 17, 18, 19, 21
7. A context-sensitive taint analysis system, comprising:
- a taint monitor to monitor a taint processing of a tainted value of an application;
- an output context monitor to monitor a current output context from a plurality of output contexts of the application; and
- an analysis module to:
  - determine that the tainted value is associated with output of the current output context, and
  - determine whether the taint processing applied to the tainted value is effective in mitigating a security vulnerability caused by the tainted value for the current output context, wherein the taint processing is ineffective in mitigating the security vulnerability caused by the tainted value for the current output context, but the taint processing is effective in mitigating the security vulnerability caused by the tainted value for another of the plurality of output contexts.

Dependent claims: 8, 9, 10, 11, 12, 20, 22
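
The distinction that claims 1 and 7 turn on, as an added Python example that is not taken from the patent: the same HTML-escaped value passes in an HTML body context but produces a notification inside a script block. The context names, the `EFFECTIVE` policy table, the class names and the `<script>`-only context tracking are assumptions made for illustration.

```python
import html
from dataclasses import dataclass

# Assumed policy for this example: the taint processing that is effective
# in each output context. Names are hypothetical, not from the patent.
EFFECTIVE = {
    "html_body": {"html_escape"},
    "script": {"js_escape"},
}

@dataclass(frozen=True)
class Tainted:
    """Untrusted value plus the taint processing applied to it so far."""
    value: str
    processing: tuple = ()

    def process(self, name, fn):
        # Taint monitor: record the processing next to its result.
        return Tainted(fn(self.value), self.processing + (name,))

class Analyzer:
    def __init__(self):
        self.context = "html_body"   # current output context
        self.notifications = []      # (context, processing) pairs
        self.out = []

    def write(self, item):
        if isinstance(item, Tainted):
            # Analysis module: is any applied processing effective here?
            if not EFFECTIVE[self.context] & set(item.processing):
                self.notifications.append((self.context, item.processing))
            self.out.append(item.value)
            return
        # Output context monitor: trusted literals move the context.
        # Simplified: only <script> blocks are tracked.
        opened, closed = item.rfind("<script>"), item.rfind("</script>")
        if opened > closed:
            self.context = "script"
        elif closed > opened:
            self.context = "html_body"
        self.out.append(item)

def render(user_input):
    """Constructed page: one escaped value written into two contexts."""
    a = Analyzer()
    name = Tainted(user_input).process("html_escape", html.escape)
    a.write("<p>Hello ")
    a.write(name)                      # html_body: processing is effective
    a.write('</p><script>var n = "')
    a.write(name)                      # script: processing is ineffective
    a.write('";</script>')
    return a
```
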
Specification