SPLASH 2017
Sun 22 - Fri 27 October 2017 Vancouver, Canada
Fri 27 Oct 2017 10:52 - 11:15 at Regency C - Static Analysis Chair(s): Christian Hammer

Static information-flow analysis (especially taint-analysis) is a key technique in software security, computing where sensitive or untrusted data can propagate in a program. Points-to analysis is a fundamental static program analysis, computing what abstract objects a program expression may point to. In this work, we propose a deep unification of information-flow and points-to analysis. We observe that information-flow analysis is not a mere high-level client of points-to information, but it is indeed identical to points-to analysis on artificial abstract objects that represent different information sources. The very same algorithm can compute, simultaneously, two interlinked but separate results (points-to and information-flow values) with changes only to its initial conditions.

The benefits of such a unification are manifold. We can use existing points-to analysis implementations, with virtually no modification (only minor additions of extra logic for sanitization) to compute information flow concepts, such as value tainting. The algorithmic enhancements of points-to analysis (e.g., different flavors of context sensitivity) can be applied transparently to information-flow analysis. Heavy engineering work on points-to analysis (e.g., handling of the reflection API for Java) applies to information-flow analysis without extra effort. We demonstrate the benefits in a realistic implementation that leverages the Doop points-to analysis framework (including its context-sensitivity and reflection analysis features) to provide an information-flow analysis with excellent precision (over 91%) and recall (over 99%) for standard information-flow benchmarks.
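The unification described in the abstract, shown as an added example that is not code from the paper or from Doop: a minimal flow- and context-insensitive points-to analysis over a constructed toy IR, where a taint source is just one more abstract object in the initial facts and sanitization is the only extra rule. The instruction names, the `TAINT:` prefix and the sample program are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed toy program; every variable, object and source name is hypothetical.
PROGRAM = [
    ("alloc", "box", "Box#1"),               # box = new Box()
    ("alloc", "other", "Box#2"),             # other = new Box()
    ("alloc", "k", "Str#1"),                 # k = "constant"
    ("source", "s", "TAINT:getParameter"),   # s = req.getParameter(..)
    ("store", "box", "f", "s"),              # box.f = s
    ("store", "other", "f", "k"),            # other.f = k
    ("move", "alias", "box"),                # alias = box
    ("load", "t", "alias", "f"),             # t = alias.f
    ("load", "u", "other", "f"),             # u = other.f
    ("sanitize", "clean", "t"),              # clean = escape(t)
]

def is_taint(obj):
    return obj.startswith("TAINT:")

def analyze(program):
    var_pts = defaultdict(set)   # variable -> abstract objects
    fld_pts = defaultdict(set)   # (abstract object, field) -> abstract objects
    changed = True
    def add(target, objs):
        nonlocal changed
        if not objs <= target:
            target |= objs
            changed = True
    while changed:               # iterate the rules to a fixpoint
        changed = False
        for op, *a in program:
            if op in ("alloc", "source"):   # a source only changes the initial facts
                add(var_pts[a[0]], {a[1]})
            elif op == "move":
                add(var_pts[a[0]], var_pts[a[1]])
            elif op == "sanitize":          # the one taint-specific rule
                add(var_pts[a[0]], {o for o in var_pts[a[1]] if not is_taint(o)})
            elif op == "store":             # base.f = src
                for base in list(var_pts[a[0]]):
                    add(fld_pts[(base, a[1])], var_pts[a[2]])
            elif op == "load":              # dst = base.f
                for base in list(var_pts[a[1]]):
                    add(var_pts[a[0]], fld_pts[(base, a[2])])
    return var_pts

def taint_of(var_pts, var):
    """Information-flow result: which sources may reach `var`."""
    return {o for o in var_pts[var] if is_taint(o)}
```

The taint reaches `t` only because the alias and heap rules of the points-to analysis carry it through `box.f`; no separate taint propagation logic exists in the code.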

Fri 27 Oct

Displayed time zone: Tijuana, Baja California

10:30 - 12:00
Static Analysis (OOPSLA) at Regency C
Chair(s): Christian Hammer University of Potsdam
10:30
22m
Talk
IDEal: Efficient and Precise Alias-Aware Dataflow Analysis
OOPSLA
Johannes Späth Fraunhofer IEM, Karim Ali University of Alberta, Eric Bodden Heinz Nixdorf Institut, Paderborn University and Fraunhofer IEM
10:52
22m
Talk
P/Taint: Unified Points-to and Taint Analysis
OOPSLA
Neville Grech, Yannis Smaragdakis University of Athens
11:15
22m
Talk
Data-Driven Context-Sensitivity for Points-to Analysis
OOPSLA
Sehun Jeong Korea University, South Korea, Minseok Jeon Korea University, South Korea, Sungdeok (Steve) Cha Korea University, South Korea, Hakjoo Oh Korea University
11:37
22m
Talk
Automatically Generating Features for Learning Program Analysis Heuristics for C-Like Languages
OOPSLA
Kwonsoo Chae Korea University, Hakjoo Oh Korea University, Kihong Heo University of Pennsylvania, USA, Hongseok Yang University of Oxford