隐式信息流重组粒度与污点传播能力判别  

作　　者：唐成华[1,2] 杜征 关晓龙 强保华 TANG Chenghua;DU Zheng;GUAN Xiaolong;QIANG Baohua(Guangxi Key Laboratory of Trusted Software,Guilin University of Electronic Technology,Guilin 541004,China;Guangxi Key Laboratory of Cryptography and Information Security,Guilin 541004,China;Guangxi Cloud Computing and Big Data Collaborative Innovation Center,Guilin 541004,China)

机构地区：[1]桂林电子科技大学广西可信软件重点实验室,广西桂林541004 [2]广西密码学与信息安全重点实验室,广西桂林541004 [3]广西云计算与大数据协同创新中心,广西桂林541004

出　　处：《小型微型计算机系统》2024年第6期1512-1520,共9页Journal of Chinese Computer Systems

基　　金：国家自然科学基金项目(62062028)资助;广西可信软件重点实验室基金项目(kx201918)资助;广西密码学与信息安全重点实验室基金项目(GCIS201619,GCIS201801)资助;广西云计算与大数据协同创新中心项目(YF17101)资助;桂林电子科技大学研究生创新项目(2022YCXS070)资助。

摘　　要：污点分析中的隐式信息流由于其通过控制流传播污点的特性导致许多基于数据流的污点分析技术无效或分析效率低.本文提出了一种简洁有效的基于重组粒度的隐式信息流污点传播能力判别方法.通过预定义重组链构建规则,并基于程序切片和控制依赖关系给出了隐式信息重组链构建算法,在重组链各端点的信息重组粒度计算的基础上,获得隐式信息流的重组粒度及重组比值,能判别其污点传播能力.此外,实验开发了一个包含15个隐式信息流代码段的隐式信息流测试集IIF-Bench,并用来验证了判别方法的有效性和良好独立性,使其易于作为扩展添加至其它静态污点分析方法中从而实现隐式信息流分析的能力.The implicit information flow in the taint analysis is characterized by spreading the taint through the control flow,which leads to the invalidity or low analysis efficiency of many data flow based taint analysis techniques.A simple and effective method based on reorganization granularity to discriminate the ability of implicit information flow to spread taints is proposed.Firstly,the rules for constructing the implicit information reorganization chain are predefined,and the algorithm for constructing the implicit information reorganization chain is given based on program slicing and control dependency.Secondly,the reorganization granularity and reorganization ratio of the implicit information flow are obtained based on the calculation of the information reorganization granularity of each endpoint of the reorganization chain,which can judge its taint propagation ability.In addition,an implicit information flow test set IIF Bench,which contains 15 implicit information flow code segments,is developed experimentally,and is used to verify the effectiveness and good independence of the discriminant method,making it easy to add it as an extension to other static taint analysis methods to achieve the capability of implicit information flow analysis.

关 键 词：污点分析 隐式信息流 控制流分析 静态分析 重组粒度 

分 类 号：TP301[自动化与计算机技术—计算机系统结构]