Static program analysis assisted dynamic taint tracking for software vulnerability discovery

Static program analysis assisted dynamic taint tracking for software vulnerability discovery

The evolution of computer science has exposed us to the growing gravity of security problems and threats. Dynamic taint analysis is a prevalent approach to protect a program from malicious behaviors, but fails to provide any information about the code which is not executed. This paper describes a novel approach to overcome the limitation of traditional dynamic taint analysis by integrating stat...

Towards Vulnerability Discovery Using Staged Program Analysis

Eliminating vulnerabilities from low-level code is vital for securing software. Static analysis is a promising approach for discovering vulnerabilities since it can provide developers early feedback on the code they write. But, it presents multiple challenges not the least of which is understanding what makes a bug exploitable and conveying this information to the developer. In this paper, we p...

Fuzzing for software vulnerability discovery

Dynamic Taint Tracking in Managed Runtimes

This paper provides a taxonomy of runtime taint tracking approaches for managed code, such as code written in Java, C#, PHP, Perl, or Ruby. It covers main applications of data tainting such as preventing web application vulnerabilities including crosssite scripting and SQL injection attacks, along with disallowing privacy-sensitive data leaks. In addition to giving an overview of related litera...

Vulnerability discovery & software security

This dissertation is the result of my own work and includes nothing which is the outcome of work done in collaboration except where specifically indicated in the text. This dissertation does not exceed the regulation length of 60,000 words, including tables and footnotes, but excluding the bibliography and appendix. Acknowledgements My work has been supported at various times by a Marshall Scho...