摘要
污点分析技术是保护隐私数据安全和实现漏洞检测的重要技术手段,也是信息安全研究的热点领域。对近年来污点分析技术的研究现状和发展情况进行综述,介绍了污点分析的理论基础以及静态污点分析和动态污点分析的基本概念、关键技术和研究进展,并从技术实现方式的角度出发,阐述了基于硬件、软件、虚拟环境和代码等四种污点分析技术的实现方式、核心思想以及优缺点;然后,从污点数据流向的角度出发,概述了污点分析技术在相关领域的两种典型应用,即隐私数据泄露检测和漏洞探测;最后,简要分析了污点分析的缺点和不足,并展望该技术的研究前景和发展趋势。
Taint analysis technology is an important method to protect private data security and realize vulnerability detection,and it is also a hot area of information security research.The research status and development of taint analysis technology in recent years were summarized.The theoretical basis of taint analysis,the basic concepts,key technologies and research progress of static taint analysis and dynamic taint analysis were introduced.From the perspective of the implementation,the implementation methods,core ideas,advantages and disadvantages of four taint analysis technologies based on hardware,software,virtual environment and code were expounded;from the perspective of the flow of taint data,two typical applications in related fields,privacy data leakage detection and vulnerability detection,were outlined.Finally,the shortcomings of taint analysis were briefly analyzed,and the research prospects and development trends of the technology were predicted.
作者
任玉柱
张有为
艾成炜
REN Yuzhu;ZHANG Youwei;AI Chengwei(School of Cyber Security,Information Engineering University,Zhengzhou Henan 450001,China;State Key Laboratory of Mathematical Engineering and Advanced Computing,Zhengzhou Henan 450001,China;Advanced Technology Research Institute of Zhengzhou Xinda,Zhengzhou Henan 450001,China)
出处
《计算机应用》
CSCD
北大核心
2019年第8期2302-2309,共8页
journal of Computer Applications
关键词
信息流分析
静态污点分析
动态污点分析
隐私数据
漏洞挖掘
information flow analysis
static taint analysis
dynamic taint analysis
privacy data
vulnerability discovery
