Merge-Replay: Efficient IFDS-Based Taint Analysis by Consolidating Equivalent Value Flows
The IFDS-based taint analysis employs two mutually iterative passes: a forward pass that identifies taints and a backward pass that detects aliases. This approach ensures both flow and context sensitivity, leading to remarkable precision. To preserve flow sensitivity, the IFDS-based taint analysis enhances data abstractions with activation statements that pinpoint the moment they acquire taint. Nonetheless, this mechanism can inadvertently introduce equivalent, yet redundant, value flows. This occurs when distinct activation statements are linked with the same data abstraction, resulting in unnecessary computational and memory-intensive demands on the analysis process.
We introduce MergeDroid, a novel approach to improve the efficiency of IFDS-based taint analysis by consolidating equivalent value flows. This involves merging activation statements linked to the same data abstraction from various reachable data facts that are reachable at a given program point during the backward pass. This process generates a representative symbolic activation statement applicable to all equivalent data facts, reducing them to a single symbolic data fact. During the forward pass, when this symbolic data fact returns to its point of creation, the analysis reverts to the original data facts alongside their initial activation statements. This merge-and-replay strategy eliminates redundant value flow propagation, resulting in performance gains. Furthermore, we also improve analysis efficiency and precision by leveraging context-sensitive insights from activation statements. Our evaluation on 40 Android apps demonstrates that MergeDroid significantly enhances IFDS-based taint analysis performance. On average, MergeDroid accelerates analysis by 9.0× while effectively handling 6 more apps scalably. Additionally, it reduces false positives by significantly decreasing reported leak warnings, achieving an average reduction of 19.2%.
|Merge-Replay Slides (merge-replay-slides.pdf)||833KiB|
Tue 12 SepDisplayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna change
13:30 - 15:00
|A Needle is an Outlier in a Haystack: Hunting Malicious PyPI Packages with Code Clustering|
Wentao Liang Institute of Software, Chinese Academy of Sciences, Xiang Ling Institute of Software, Chinese Academy of Sciences, Jingzheng Wu Institute of Software, The Chinese Academy of Sciences, Tianyue Luo Institute of Software, Chinese Academy of Sciences, Yanjun Wu Institute of Software, Chinese Academy of SciencesFile Attached
|Merge-Replay: Efficient IFDS-Based Taint Analysis by Consolidating Equivalent Value Flows|
Research PapersPre-print File Attached
|Learning to Locate and Describe Vulnerabilities|
|When Less is Enough: Positive and Unlabeled Learning Model for Vulnerability Detection|
|The Secret Life of Software Vulnerabilities: A Large-Scale Empirical Study|
Emanuele Iannone University of Salerno, Roberta Guadagni University of Salerno, Filomena Ferrucci University of Salerno, Andrea De Lucia University of Salerno, Fabio Palomba University of SalernoLink to publication DOI Pre-print Media Attached
|SCPatcher: Mining Crowd Security Discussions to Enrich Secure Coding Practices|
Ziyou Jiang Institute of Software at Chinese Academy of Sciences, Lin Shi Beihang University, Guowei Yang University of Queensland, Qing Wang Institute of Software at Chinese Academy of Sciences; University of Chinese Academy of SciencesMedia Attached File Attached