Authors: Md. Imran Alam (1); Raju Halder (2); Harshita Goswami (1) and Jorge Sousa Pinto (3)
Affiliations: (1) Indian Institute of Technology Patna, India; (2) Indian Institute of Technology Patna and HASLab/INESC TEC & Universidade do Minho, India; (3) HASLab/INESC TEC & Universidade do Minho, Portugal
Keyword(s): Taint Analysis, K Framework, Information Flow, Security.
Related Ontology Subjects/Areas/Topics: Formal Methods; Simulation and Modeling; Software Engineering; Software Engineering Methods and Techniques
Abstract:
The K framework is a rewriting logic-based framework for defining programming language semantics, suitable for formal reasoning about programs and programming languages. In this paper, we present K-Taint, a rewriting logic-based executable semantics in the K framework for taint analysis of an imperative programming language. Our K semantics can be seen as a sound approximation of program semantics in the corresponding security type domain. More specifically, as a foundation for this objective, we extend the semantically sound flow-sensitive security type system by Hunt and Sands to the case of taint analysis, adding support for interprocedural analysis as well. Compared with existing methods, K-Taint supports context- and flow-sensitive analysis, reduces false alarms, and provides a scalable solution. Experimental evaluation on several benchmark codes demonstrates encouraging results in the form of improved precision of the analysis.