Author Login Editor-in-Chief Peer Review Editor Work Office Work

Computer Engineering

Previous Articles     Next Articles

J2EE Program Taint Analysis Method Based on Dependency

GUO Fan,ZHOU Xuan   

  1. (College of Computer and Information Engineering,Jiangxi Normal University,Nanchang 330022,China)
  • Received:2015-04-20 Online:2016-06-15 Published:2016-06-15

基于依赖的J2EE程序污点分析方法

郭帆,周轩   

  1. (江西师范大学 计算机信息工程学院,南昌 330022)
  • 作者简介:郭帆(1977-),男,副教授,主研方向为网络与信息安全;周轩,硕士研究生。
  • 基金资助:
    国家自然科学基金资助项目(61562040,61562041)。

Abstract: Taint analysis usually uses approximate or simplified method to analyze large scale program.So that the results are imprecise.In order to solve this problem,by extending current definition of dependency relation,modeling dependent relation between parameters of the method,modeling the relation between heap variable and parameters,this paper presents a new method to construct a demand-based data dependent graph orienting J2EE programs.This method uses predefined taint analysis method and extending definition for dependency relation to build data dependency edges.Multistage analysis method traverses dependency paths in dependency graph so as to analyze large scale programs efficiently.Experimental results show that the method has much improvement on analysis precision and time performance compared with Taint Analysis for Java(TAJ) method.

Key words: taint analysis, dependency relationship, modeling method, data dependency graph, multi-phase analysis

摘要: 污点分析通常采用近似或简化方法对大规模程序进行分析,导致分析结果不精确。为此,扩展现有变量依赖关系定义,对不同方法参数的依赖关系以及域变量和参数的依赖关系进行建模,提出一种面向J2EE程序、基于需求的数据依赖图构建方法。根据预定义的污点分析方法和扩展定义的依赖关系构建数据依赖边,采用多阶段分析方法遍历依赖图中的依赖路径,以有效分析较大规模程序。实验结果表明,与现有Java污点分析方法TAJ相比,该方法的精确度和时间性能均有较大提高。

关键词: 污点分析, 依赖关系, 建模方法, 数据依赖图, 多阶段分析

CLC Number: