Analyzing Taint Propagation (Taint Analysis)


Developers cannot trust input that reaches a program from any external source, because it can cause inconsistent behavior or failure of the program. Attackers often exploit external inputs to inject malicious code into the program, which may lead to loss of valuable information, unauthorized access, or software crashes. Hence, external inputs are considered tainted. Later, on some program path, these tainted variables may be used to derive the values of other variables. Using a tainted variable in the assignment of another variable makes that variable tainted too, and so the taint propagates. A tainted variable becomes untainted only when it is assigned an untainted value or a constant. Therefore, it is important to track these variables. The analysis of these variables and the variables affected by them is called taint analysis.



When a variable is assigned a tainted value or is modified by one, it becomes tainted. Examples of taint propagation are given below.


Example 1:

int sum(int x, int y) // Assumption: x and y are tainted.
{
    int c=0;  // c is untainted
    c=x+y;    // c gets modified by tainted values hence c is tainted here
    return c; // c is tainted
}


Example 2:

int sum(int x, int y) // Assumption: x and y are tainted.
{
    int c=0;  // c is untainted
    c=x+y;    // c gets modified by tainted values hence c is tainted here
    c=5;      // c is assigned a constant hence c is untainted
    return c; // c is untainted
}


Example 3:

int sum(int x, int y) // Assumption: x and y are tainted.
{
    int d=5;  // d is untainted
    int c=0;  // c is untainted
    c=x+y;    // c gets modified by tainted values hence c is tainted here
    c=5;      // c is assigned an untainted value hence c is untainted
    return c; // c is untainted
}


Example 4:

int sum(int x, int y) // Assumption: x and y are tainted.
{
    x=4; y=5; // x and y are assigned constants hence they are untainted
    int c=0;  // c is untainted
    c=x+y;    // c gets modified by untainted values hence c is untainted here
    return c; // c is untainted
}


Example 5:

int sum(int x, int y) // Assumption: x and y are tainted.
{
    int c=0;  // c is untainted
    if(x>y)
    {
        c=x;  // c gets modified by a tainted value hence c is tainted here
    }
    else
    {
        c=2;  // c is assigned an untainted value hence c is untainted
    }
    return c; // c is tainted, because the x>y path assigns it a tainted value
}

If a variable gets a tainted value from any path, it becomes tainted.
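
The propagation rules from the examples above, as an added example that is not part of the original page: a small forward analysis over a constructed statement list, in which a tainted source taints the destination, a constant untaints it, and the paths of an if are joined by union. The names `stmt_t`, `analyze` and `c_tainted` and the statement encoding are assumptions made for this illustration; only explicit flows through assignments are tracked, as in the examples.

```c
#include <stdio.h>
#include <stddef.h>
typedef unsigned taint_t;                 /* bit i set = variable i is tainted */
enum { X, Y, C };                         /* variable ids for the samples */
#define BIT(v) (1u << (v))
#define MAX_DEPTH 8
typedef enum { ASSIGN, IF, ELSE, ENDIF } op_t;
typedef struct { op_t op; int dst; taint_t srcs; } stmt_t; /* srcs == 0: constant */

/* Forward analysis of explicit flows only: branch conditions are ignored,
   as in the page's examples. Returns the may-be-tainted set at the end. */
taint_t analyze(const stmt_t *p, size_t n, taint_t st) {
    taint_t other[MAX_DEPTH];             /* state of the path not being walked */
    int depth = 0;
    for (size_t i = 0; i < n; i++) {
        switch (p[i].op) {
        case ASSIGN:  /* tainted iff a source is tainted; a constant untaints */
            st = (st & p[i].srcs) ? (st | BIT(p[i].dst)) : (st & ~BIT(p[i].dst));
            break;
        case IF:      /* the skip path keeps the state at branch entry */
            if (depth == MAX_DEPTH) return ~0u;  /* give up: assume all tainted */
            other[depth++] = st;
            break;
        case ELSE: {  /* park the then-result, walk else from the entry state */
            if (depth == 0) return ~0u;          /* malformed input */
            taint_t t = st; st = other[depth - 1]; other[depth - 1] = t;
            break;
        }
        case ENDIF:   /* join: tainted on any path means tainted */
            if (depth == 0) return ~0u;          /* malformed input */
            st |= other[--depth];
            break;
        }
    }
    return st;
}

/* Constructed encodings of Example 2 and Example 5 from the page. */
static const stmt_t ex2[] = { {ASSIGN, C, 0}, {ASSIGN, C, BIT(X) | BIT(Y)}, {ASSIGN, C, 0} };
static const stmt_t ex5[] = { {ASSIGN, C, 0}, {IF, 0, 0}, {ASSIGN, C, BIT(X)},
                              {ELSE, 0, 0}, {ASSIGN, C, 0}, {ENDIF, 0, 0} };
/* Returns 1 if c may be tainted at return, with x and y tainted on entry. */
int c_tainted(const stmt_t *p, size_t n) {
    return (analyze(p, n, BIT(X) | BIT(Y)) & BIT(C)) != 0;
}
int main(void) {
    printf("Example 2: %d, Example 5: %d\n", c_tainted(ex2, 3), c_tainted(ex5, 6));
    return 0;
}
```

Passing only the first two statements of `ex2` reproduces Example 1, where `c` is still tainted at the return.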