Logo des Repositoriums
 

Detecting Information Flow by Mutating Input Data

dc.contributor.authorMathis, Björn
dc.contributor.authorAvdiienko, Vitalii
dc.contributor.authorSoremekun, Ezekiel O.
dc.contributor.authorBöhme, Marcel
dc.contributor.authorZeller, Andreas
dc.contributor.editorTichy, Matthias
dc.contributor.editorBodden, Eric
dc.contributor.editorKuhrmann, Marco
dc.contributor.editorWagner, Stefan
dc.contributor.editorSteghöfer, Jan-Philipp
dc.date.accessioned2019-03-29T10:24:04Z
dc.date.available2019-03-29T10:24:04Z
dc.date.issued2018
dc.description.abstract[Accepted as full paper for ASE 2017] Analyzing information flow is central in assessing the security of applications. However, static and dynamic analyses of information flow are easily challenged by non-available or obscure code. We present a lightweight mutation-based analysis that systematically mutates dynamic values returned by sensitive sources to assess whether the mutation changes the values passed to sensitive sinks. If so, we found a flow between source and sink. In contrast to existing techniques, mutation-based flow analysis does not attempt to identify the specific path of the flow and is thus resilient to obfuscation. In its evaluation, our MUTAFLOW prototype for Android programs showed that mutation-based flow analysis is a lightweight yet effective complement to existing tools. Compared to the popular FLOWDROID static analysis tool, MUTAFLOW requires less than 10% of source code lines but has similar accuracy; on 20 tested real-world apps, it is able to detect 75 flows that FLOWDROID misses.en
dc.identifier.isbn978-3-88579-673-2
dc.identifier.pissn1617-5468
dc.identifier.urihttps://dl.gi.de/handle/20.500.12116/21136
dc.language.isoen
dc.publisherGesellschaft für Informatik
dc.relation.ispartofSoftware Engineering und Software Management 2018
dc.relation.ispartofseriesLecture Notes in Informatics (LNI) - Proceedings, Volume P-279
dc.subjectprogram analysis
dc.subjectinformation flow
dc.subjectmutation
dc.titleDetecting Information Flow by Mutating Input Dataen
dc.typeText/Conference Paper
gi.citation.endPage62
gi.citation.publisherPlaceBonn
gi.citation.startPage61
gi.conference.date5.-9. März 2018
gi.conference.locationUlm
gi.conference.sessiontitleSoftware Engineering 2018 - Wissenschaftliches Hauptprogramm

Dateien

Originalbündel
1 - 1 von 1
Lade...
Vorschaubild
Name:
A1-36.pdf
Größe:
58.78 KB
Format:
Adobe Portable Document Format