中圖分類(lèi)號(hào): TP393 文獻(xiàn)標(biāo)識(shí)碼: A DOI: 10.19358/j.issn.2096-5133.2022.02.006 引用格式: 梁威,洪倩. 基于代碼重寫(xiě)的動(dòng)態(tài)污點(diǎn)分析[J].信息技術(shù)與網(wǎng)絡(luò)安全,2022,41(2):33-38.
Dynamic taint analysis based on code rewriting
Liang Wei1,Hong Qian2
(1.Petersburg Aviation Institute,Zhongyuan University of Technology,Zhengzhou 450007,China; 2.Jiangxi Fifth People′s Hospital,Nanchang 330046,China)
Abstract: At present, the update speed of Web technology is very fast, and JavaScript(JS) language is used more and more widely, at the same time, there are many security risks. In particular, the requirements for the response speed of Web applications are becoming higher and higher, which exacerbates the threat of Web security. Therefore, this paper studies the dynamic JavaScript taint analysis based on code rewriting, marks and tracks sensitive data during code operation with the help of rewriting JavaScript, detects data leakage and gives feedback in time. Different from the traditional dynamic taint analysis method, the proposed method does not need to rely on JS engine, can be applied to various browsers, can efficiently and accurately mark, track and detect sensitive data leakage, and improve Web security.
Key words : code rewriting;JavaScript;dynamic taint;information flow analysis;Web security
