Classification of Taint Analysis
• Static Taint Analysis
  ➢ The advantage of static analysis is that it provides better code coverage than dynamic analysis.
  ➢ On the other hand, the principal disadvantage of static analysis is that it is not as accurate as dynamic analysis: it cannot access runtime information. For example, we can't retrieve register or memory values.
• Dynamic Taint Analysis
  ➢ With dynamic analysis we can't cover all the code, but the results are more reliable.
Basic concept
Taint propagation:
  ➢ Taint: If an operation uses the value of some tainted object, say X, to derive a value for another, say Y, then object Y becomes tainted. Object X taints the object Y.
  ➢ Taint operator t: X → t(Y)
  ➢ The taint operator is transitive: if X → t(Y) and Y → t(Z), then X → t(Z)
Taint propagation
[Figure: propagation graph with Untrusted source #1 and Untrusted source #2 and objects K, X, L, W, M, Z, showing the merge of two different tainted sources]
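The propagation rule, its transitivity and the merge of two tainted sources can be traced with a small label-based tracker. This is an added example, not code from the slides: the edges between K, X, L, W, M and Z are assumed (the figure's arrows did not survive), and the object C, the source labels and the function names are made up for illustration.

```python
from typing import Dict, FrozenSet, Iterable, List, Tuple

# One executed operation: (destination object, operands its value is derived from)
Op = Tuple[str, Tuple[str, ...]]


def propagate(sources: Dict[str, str], trace: Iterable[Op]) -> Dict[str, FrozenSet[str]]:
    """Replay a trace and return, per object, the set of source labels tainting it."""
    taint: Dict[str, FrozenSet[str]] = {
        obj: frozenset([label]) for obj, label in sources.items()
    }
    for dst, operands in trace:
        # Y becomes tainted if any operand X is tainted: X -> t(Y).
        # Taking the union of labels is what merges different sources.
        labels = frozenset().union(*(taint.get(o, frozenset()) for o in operands))
        if labels:
            taint[dst] = labels
        else:
            # Overwritten with a value derived only from clean data: taint is cleared.
            taint.pop(dst, None)
    return taint


def labels_at_sink(taint: Dict[str, FrozenSet[str]], obj: str) -> List[str]:
    """Sorted source labels reaching obj; an empty list means obj is untainted."""
    return sorted(taint.get(obj, frozenset()))


# Constructed sample: K and L are read from the two untrusted sources.
SOURCES = {"K": "untrusted#1", "L": "untrusted#2"}
TRACE: List[Op] = [
    ("X", ("K",)),      # K -> t(X)
    ("W", ("L",)),      # L -> t(W)
    ("M", ("X", "W")),  # merge: M carries both labels
    ("Z", ("M",)),      # transitivity: K -> t(X), X -> t(M), M -> t(Z)
    ("X", ()),          # X overwritten with a constant: no longer tainted
    ("C", ("X",)),      # derived from the now-clean X: stays untainted
]

if __name__ == "__main__":
    result = propagate(SOURCES, TRACE)
    for name in ("K", "L", "X", "W", "M", "Z", "C"):
        print(name, labels_at_sink(result, name))
```

Z still reports both sources after X is overwritten, because taint follows the values that were derived at the time and is not recomputed from the variable's later contents.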