Groups | Search | Server Info | Login | Register
Groups > comp.compilers > #139
| Path | csiph.com!x330-a1.tempe.blueboxinc.net!usenet.pasdenom.info!news.albasani.net!news.mixmin.net!news.linkpendium.com!news.linkpendium.com!news.iecc.com!nerds-end |
|---|---|
| From | glen herrmannsfeldt <gah@ugcs.caltech.edu> |
| Newsgroups | comp.compilers |
| Subject | Re: Dealing with load/store instructions on static tainted flow analysis |
| Date | Tue, 7 Jun 2011 09:04:08 +0000 (UTC) |
| Organization | A noiseless patient Spider |
| Lines | 22 |
| Sender | news@iecc.com |
| Approved | comp.compilers@iecc.com |
| Message-ID | <11-06-013@comp.compilers> (permalink) |
| References | <11-06-010@comp.compilers> |
| NNTP-Posting-Host | news.iecc.com |
| X-Trace | gal.iecc.com 1307814641 58429 64.57.183.58 (11 Jun 2011 17:50:41 GMT) |
| X-Complaints-To | abuse@iecc.com |
| NNTP-Posting-Date | Sat, 11 Jun 2011 17:50:41 +0000 (UTC) |
| Keywords | analysis, Java |
| Posted-Date | 11 Jun 2011 13:50:41 EDT |
| X-submission-address | compilers@iecc.com |
| X-moderator-address | compilers-request@iecc.com |
| X-FAQ-and-archives | http://compilers.iecc.com |
| Xref | x330-a1.tempe.blueboxinc.net comp.compilers:139 |
Show key headers only | View raw
Gabriel Quadros <gabrielquadros@hotmail.com> wrote: > I am trying to implement a pass to detect information leak in > programs. The problem is a variation of static tainted-flow analysis: > I have some source functions, sink functions and sanitizers. I want to > know if it is possible for data to flow from source to sink without > going across a sanitizer. (snip) > In particular, if you could point me some paper that does it, > that would be great. It isn't exactly the same, but I would start looking at the Java class verifier. Well, for one Java requires bounds checking, so you can be sure that only references to the same array would leak. Java also requires the verifier to detect references that load/store the wrong data type, such as treating a double as two ints. (I believe it detects both stack and heap accesses.) -- glen
Back to comp.compilers | Previous | Next — Previous in thread | Next in thread | Find similar
Dealing with load/store instructions on static tainted flow analysis Gabriel Quadros <gabrielquadros@hotmail.com> - 2011-06-06 21:00 -0700 Re: Dealing with load/store instructions on static tainted flow analysis glen herrmannsfeldt <gah@ugcs.caltech.edu> - 2011-06-07 09:04 +0000 Re: Dealing with load/store instructions on static tainted flow analysis kym@kymhorsell.com - 2011-06-08 07:53 +0000 Re: Dealing with load/store instructions on static tainted flow analysis George Neuner <gneuner2@comcast.net> - 2011-06-09 18:51 -0400 Re: Dealing with load/store instructions on static tainted flow analysis Martin Ward <martin@gkc.org.uk> - 2011-06-12 12:11 +0100
csiph-web