Skip to main content
Conference ProceedingsOPEN ACCESS

Taint analysis of security code in the KLEE symbolic execution engine

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2012) 7618 LNCS 264-275
DOI: 10.1007/978-3-642-34129-8_23
18Citations
Citations of this article
48Readers
Mendeley users who have this article in their library.

This article is free to access.

Abstract

We analyse the security of code by extending the KLEE symbolic execution engine with a tainting mechanism that tracks information flows of data. We consider both simple flows from direct assignment operations, and (more subtle) indirect flows inferred from the control flow. Our mechanism prevents overtainting by using a region-based static analysis provided by LLVM, the compiler infrastructure machine on which KLEE runs. We rigorously define taint propagation in a formal LLVM intermediate representation semantics, and show the correctness of our method. We illustrate the mechanism with several examples, showing how we use tainting to prove confidentiality and integrity properties. © 2012 Springer-Verlag.

Cite

CITATION STYLE

APA

Corin, R., & Manzano, F. A. (2012). Taint analysis of security code in the KLEE symbolic execution engine. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 7618 LNCS, pp. 264–275). https://doi.org/10.1007/978-3-642-34129-8_23

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free