{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,5]],"date-time":"2024-09-05T11:06:27Z","timestamp":1725534387453},"reference-count":51,"publisher":"World Scientific Pub Co Pte Lt","issue":"07","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Int. J. Soft. Eng. Knowl. Eng."],"published-print":{"date-parts":[[2021,7]]},"abstract":"Software security vulnerabilities and leakages of private information are two of the main issues in modern software systems. Several different approaches, ranging from design techniques to run-time monitoring, have been applied to prevent, detect and isolate such vulnerabilities. Static taint analysis has been particularly successful in detecting injection vulnerabilities at compile time. However, its extension to detect leakages of sensitive data has been only partially investigated. In this paper, we introduce BackFlow, a backward flow reconstructor that, starting from the results of a generic taint analysis engine, reconstructs the flow of tainted data. If successful, BackFlow\u00a0provides full information about the flow that such data (e.g. private information or user input) traversed inside the program before reaching a sensitive point (e.g. Internet communication or execution of an SQL query). Such information is needed to extend taint analysis to privacy analyses, since in such a scenario it is important to know which exact type of sensitive data flows to what type of communication channels. BackFlow\u00a0has been implemented in Julia (an industrial static analyzer for Java, Android and .NET programs), and applied to WebGoat and different benchmarks to detect both injections and privacy issues. The experimental results prove that BackFlow\u00a0is able to reconstruct the flow of tainted data for most of the true positives, it scales up to industrial applications, and it can be effectively applied to privacy analysis, such as the detection of sensitive data leaks or compliance with a data regulation.","DOI":"10.1142\/s0218194021500303","type":"journal-article","created":{"date-parts":[[2021,7,26]],"date-time":"2021-07-26T08:58:10Z","timestamp":1627289890000},"page":"973-1016","source":"Crossref","is-referenced-by-count":5,"title":["Static Privacy Analysis by Flow Reconstruction of Tainted Data"],"prefix":"10.1142","volume":"31","author":[{"given":"Pietro","family":"Ferrara","sequence":"first","affiliation":[{"name":"Universit\u00e0 Ca\u2019 Foscari di Venezia, Italy"}]},{"given":"Luca","family":"Olivieri","sequence":"additional","affiliation":[{"name":"Universit\u00e0 di Verona, Italy"},{"name":"JuliaSoft SRL, Italy"}]},{"given":"Fausto","family":"Spoto","sequence":"additional","affiliation":[{"name":"Universit\u00e0 di Verona, Italy"}]}],"member":"219","published-online":{"date-parts":[[2021,7,23]]},"reference":[{"key":"S0218194021500303BIB005","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2005.23"},{"key":"S0218194021500303BIB006","doi-asserted-by":"publisher","DOI":"10.1145\/2666356.2594299"},{"key":"S0218194021500303BIB007","doi-asserted-by":"publisher","DOI":"10.1145\/781131.781153"},{"key":"S0218194021500303BIB008","doi-asserted-by":"publisher","DOI":"10.1145\/136035.136043"},{"key":"S0218194021500303BIB009","volume-title":"Proc. 1st Italian Conf. on Cybersecurity","author":"Burato E.","year":"2017"},{"key":"S0218194021500303BIB010","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-73721-8_6"},{"key":"S0218194021500303BIB012","volume-title":"Model Checking","author":"Clarke E. M.","year":"1999"},{"key":"S0218194021500303BIB013","doi-asserted-by":"publisher","DOI":"10.1145\/1273463.1273490"},{"key":"S0218194021500303BIB014","doi-asserted-by":"publisher","DOI":"10.1145\/512950.512973"},{"key":"S0218194021500303BIB015","doi-asserted-by":"publisher","DOI":"10.1145\/567752.567778"},{"key":"S0218194021500303BIB016","doi-asserted-by":"publisher","DOI":"10.1145\/359636.359712"},{"key":"S0218194021500303BIB017","doi-asserted-by":"publisher","DOI":"10.1145\/178243.178263"},{"key":"S0218194021500303BIB018","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2018.2868349"},{"key":"S0218194021500303BIB019","volume-title":"Proc. Network and Distributed Systems Security Symp.","author":"Egele M.","year":"2011"},{"key":"S0218194021500303BIB020","doi-asserted-by":"publisher","DOI":"10.1145\/2619091"},{"key":"S0218194021500303BIB023","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-48899-7_10"},{"key":"S0218194021500303BIB025","doi-asserted-by":"publisher","DOI":"10.1145\/2818000.2818037"},{"key":"S0218194021500303BIB026","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-45150-1"},{"key":"S0218194021500303BIB027","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-30921-2_17"},{"key":"S0218194021500303BIB028","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2015.23089"},{"key":"S0218194021500303BIB029","doi-asserted-by":"publisher","DOI":"10.1145\/263698.264352"},{"key":"S0218194021500303BIB031","doi-asserted-by":"publisher","DOI":"10.1145\/379605.379665"},{"key":"S0218194021500303BIB032","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-54804-8_10"},{"key":"S0218194021500303BIB033","doi-asserted-by":"publisher","DOI":"10.1145\/512927.512945"},{"key":"S0218194021500303BIB034","volume-title":"Proc. Mobile Security Technologies","author":"Kim J.","year":"2012"},{"key":"S0218194021500303BIB035","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-89862-7_4"},{"key":"S0218194021500303BIB036","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315282"},{"key":"S0218194021500303BIB037","doi-asserted-by":"publisher","DOI":"10.1145\/2635868.2635878"},{"key":"S0218194021500303BIB038","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2015.48"},{"key":"S0218194021500303BIB040","volume-title":"Proceedings of USENIX Security","author":"Livshits V. B.","year":"2005"},{"key":"S0218194021500303BIB041","doi-asserted-by":"publisher","DOI":"10.1145\/2245276.2232009"},{"key":"S0218194021500303BIB043","doi-asserted-by":"publisher","DOI":"10.1109\/ASEW.2019.00020"},{"key":"S0218194021500303BIB044","doi-asserted-by":"publisher","DOI":"10.1145\/292540.292561"},{"key":"S0218194021500303BIB045","volume-title":"Proc. Network and Distributed Systems Security","author":"Newsome J.","year":"2005"},{"key":"S0218194021500303BIB046","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2020.2999534"},{"key":"S0218194021500303BIB047","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-03811-6"},{"key":"S0218194021500303BIB048","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-32943-2_6"},{"issue":"4","key":"S0218194021500303BIB049","first-page":"14:1","volume":"35","author":"Nikolic D.","year":"2014","journal-title":"ACM Trans. Program. Lang. Syst."},{"key":"S0218194021500303BIB053","doi-asserted-by":"publisher","DOI":"10.1145\/117954.117965"},{"key":"S0218194021500303BIB054","volume-title":"Types and Programming Languages","author":"Pierce B. C.","year":"2002","edition":"1"},{"key":"S0218194021500303BIB055","doi-asserted-by":"publisher","DOI":"10.1145\/3213846.3213873"},{"key":"S0218194021500303BIB057","doi-asserted-by":"publisher","DOI":"10.1109\/JSAC.2002.806121"},{"key":"S0218194021500303BIB058","doi-asserted-by":"publisher","DOI":"10.1007\/11547662_22"},{"key":"S0218194021500303BIB059","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-00596-1_21"},{"key":"S0218194021500303BIB060","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-53413-7_3"},{"key":"S0218194021500303BIB061","doi-asserted-by":"publisher","DOI":"10.1145\/3332371"},{"key":"S0218194021500303BIB062","doi-asserted-by":"publisher","DOI":"10.1145\/2048066.2048145"},{"key":"S0218194021500303BIB063","doi-asserted-by":"publisher","DOI":"10.1145\/353171.353190"},{"key":"S0218194021500303BIB064","doi-asserted-by":"publisher","DOI":"10.1145\/1542476.1542486"},{"key":"S0218194021500303BIB065","doi-asserted-by":"publisher","DOI":"10.1145\/3183575"},{"key":"S0218194021500303BIB068","doi-asserted-by":"publisher","DOI":"10.1109\/WCSE.2012.26"}],"container-title":["International Journal of Software Engineering and Knowledge Engineering"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.worldscientific.com\/doi\/pdf\/10.1142\/S0218194021500303","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,7,26]],"date-time":"2021-07-26T08:58:36Z","timestamp":1627289916000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.worldscientific.com\/doi\/abs\/10.1142\/S0218194021500303"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,7]]},"references-count":51,"journal-issue":{"issue":"07","published-print":{"date-parts":[[2021,7]]}},"alternative-id":["10.1142\/S0218194021500303"],"URL":"https:\/\/doi.org\/10.1142\/s0218194021500303","relation":{},"ISSN":["0218-1940","1793-6403"],"issn-type":[{"value":"0218-1940","type":"print"},{"value":"1793-6403","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,7]]}}}