|
|
 |
| |
|
|
|
An Input Data Related Behavior Extracting and Measuring Model |
|
|
|
PP: 683-689 |
|
|
|
Author(s) |
|
|
|
Dan Wang,
Min Dong,
Wenbing Zhao,
|
|
|
|
Abstract |
|
|
| It is difficult to dynamically assess the runtime trustworthiness of a software program. Improperly validated user input is
the underlying root cause for a wide variety of attacks on applications. This paper proposes an approach for constructing a trusted
software behaviour model related with the input data for identifying and tracking the insecure information flows based on dynamic
tainting analysis and dynamic slicing technology. It can tag and track user input at runtime and prevents its improper use to maliciously
affect the execution of the program. We regard an instruction as a basic analysis unit and focus on information flow caused by variable
assignment, the information flow of each instruction is defined as its behaviour specification. During the execution, instructions that
use untrusted variable are tracked to determine whether the address modified by the instructions belongs to the specification or not.
A method of extraction and checking of the behaviour specification was researched and designed. In order to prove for efficiency and
performance of the model, a set of tests were conducted, and preliminary results show the validity of our approach. |
|
|
|
|
|
|
|
