• TAJ

  • Referenced in 7 articles [sw33114]
  • effective taint analysis of web applications. Taint analysis, a form of information-flow analysis, establishes ... flow into security-sensitive operations. Taint analysis can detect many common vulnerabilities in Web applications ... community and industry. However, most static taint-analysis tools do not address critical requirements ... have designed and implemented a static Taint Analysis for Java (TAJ) that meets the requirements...
  • Dytan

  • Referenced in 6 articles [sw31722]
  • Dytan: a generic dynamic taint analysis framework. Dynamic taint analysis is gaining momentum. Techniques based ... affect efficiency and accuracy of the taint analysis, which further justifies...
  • FlowDroid

  • Referenced in 5 articles [sw26741]
  • field, object-sensitive and lifecycle-aware taint analysis for Android apps. Today’s smartphones ... such data intentionally. While existing static taint-analysis approaches have the potential of detecting such ... novel and highly precise static taint analysis for Android applications. A precise model of Android ... evaluating the effectiveness and accuracy of taint-analysis tools specifically for Android apps...
  • F4F

  • Referenced in 3 articles [sw29449]
  • taint analysis of framework-based web applications. This paper presents F4F (Framework For Frameworks ... system for effective taint analysis of framework-based web applications. Most modern web applications utilize ... specification of framework-related behaviors. A taint analysis engine can leverage these specifications to perform ... state-of-the-art taint-analysis engine. In an experimental evaluation, the taint analysis enhanced...
  • DTA++

  • Referenced in 2 articles [sw33315]
  • dynamic taint analysis with targeted control-flow propagation. Dynamic taint analysis (DTA) is a powerful ... caused by implicit flows, situations in which tainted data values affect control flow, which ... propose DTA++, an enhancement to dynamic taint analysis that additionally propagates taint along ... tainting that can occur when propagating taint along all control dependencies indiscriminately. We implement...
  • TaintDroid

  • Referenced in 9 articles [sw26740]
  • efficient, system-wide dynamic taint tracking and analysis system capable of simultaneously tracking multiple sources...
  • LIFT

  • Referenced in 3 articles [sw20596]
  • flow tracking (also referred to as taint analysis) is a promising technique to detect...
  • BackFlow

  • Referenced in 1 article [sw34336]
  • backward context-sensitive flow reconstruction of taint analysis results. Taint analysis detects if data coming ... flow of tainted data from the results of the analysis, to understand why a specific ... starting from the results of a taint-analysis engine, reconstructs how tainted data flows inside ... been implemented on Julia’s static taint analysis. Experimental results on a set of standard...
  • SwordDTA

  • Referenced in 1 article [sw17035]
  • SwordDTA: A dynamic taint analysis tool for software vulnerability detection. Software vulnerabilities are the root ... various information security incidents while dynamic taint analysis is an emerging program analysis technique ... tool that can perform dynamic taint analysis for binaries. This tool is flexible and extensible ... detect software vulnerabilities with vulnerability modeling and taint check. We evaluate it with a number...
  • SymJS

  • Referenced in 2 articles [sw30522]
  • directed event space exploration, and dynamic taint analysis for enhancing event sequence construction. We illustrate...
  • DroidBench

  • Referenced in 1 article [sw13317]
  • suite for evaluating the effectiveness of taint-analysis tools specifically for Android apps. The suite ... dynamic taint analyses, but in particular it contains test cases for interesting static-analysis problems...
  • Apposcopy

  • Referenced in 1 article [sw40195]
  • malware families and (ii) a static analysis for deciding if a given application matches ... Apposcopy uses a combination of static taint analysis and a new form of program representation...
  • CoChecker

  • Referenced in 1 article [sw13316]
  • privilege escalation attacks using static taint analysis. We propose to build a call graph...
  • Mythril

  • Referenced in 0 articles [sw37686]
  • Mythril is a security analysis tool for EVM bytecode. It detects security vulnerabilities in smart ... uses symbolic execution, SMT solving and taint analysis to detect a variety of security vulnerabilities...
  • SmartCheck

  • Referenced in 0 articles [sw37692]
  • Solidity and implement SmartCheck - an extensible static analysis tool that detects them1. SmartCheck translates Solidity ... requires more sophisticated techniques such as taint analysis or even manual audit. We believe though...
  • Taintscope

  • Referenced in 0 articles [sw23360]
  • automatic fuzzing system using dynamic taint analysis and symbolic execution techniques, to tackle the above ... Window). Based on fine-grained dynamic taint tracing, TaintScope identifies which bytes in a well...
  • SEEAD

  • Referenced in 1 article [sw31769]
  • obfuscation approaches rely on dynamic analysis, but face the challenge of low code coverage ... profiling scheme is rife with taint and control dependence analysis to reduce the search overhead...
  • Pixy

  • Referenced in 5 articles [sw25249]
  • program. In addition, alias and literal analysis are employed to improve the correctness and precision ... targeted at the general class of taint-style vulnerabilities and can be applied...
  • AppTrace

  • Referenced in 1 article [sw38766]
  • does. Traditional dynamic analysis methodology, for instance, the TaintDroid, uses dynamic taint tracking technique ... this paper presents AppTrace, a novel dynamic analysis system that uses dynamic instrumentation technique...
  • Slither

  • Referenced in 0 articles [sw37688]
  • commonly used program analysis techniques like dataflow and taint tracking. Our framework has four main ... fast, accurate, and outperforms other static analysis tools at finding issues in Ethereum smart contracts...