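Taint Analysis
Taint analysis is a data-flow analysis technique that tracks how untrusted (tainted) input flows through a program, in order to identify vulnerabilities that arise when tainted data reaches a dangerous operation (a sink). The technique was formally introduced by Newsome and Song in 2005; it marks input data as "tainted", propagates the taint labels through the program, and raises an alert when tainted data reaches a sensitive operation such as an SQL query or a system call. Taint analysis is the foundation for detecting injection vulnerabilities and is widely used in dynamic analysis tools and security monitoring systems.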
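The three steps described above (label input at a source, propagate the label, check at the sink), shown as an added example that is not part of the original page: a minimal dynamic taint tracker in Python. The `Tainted` class and the `source`, `sanitize_int`, `sink_sql` and `is_tainted` helpers are hypothetical names chosen for illustration, and the input string is constructed.

```python
class TaintError(Exception):
    """Raised when tainted data reaches a sink."""

class Tainted(str):
    """String carrying a taint label that names its untrusted source."""
    def __new__(cls, value, source):
        obj = super().__new__(cls, value)
        obj.source = source
        return obj

    # Propagation rule: a result computed from a tainted operand is tainted.
    # Only concatenation is tracked here; f-strings, str.join() and similar
    # operations return plain str and drop the label (under-tainting).
    def __add__(self, other):
        return Tainted(str.__add__(self, other), self.source)

    def __radd__(self, other):
        return Tainted(str.__add__(other, self), self.source)

def source(value, origin="http_param"):
    """Taint introduction: label data arriving from outside the program."""
    return Tainted(value, origin)

def is_tainted(value):
    return isinstance(value, Tainted)

def sanitize_int(value):
    """Sanitizer: validated output is a fresh, untainted str."""
    return str(int(value))  # int() raises ValueError on non-numeric input

def sink_sql(query):
    """Sink check: refuse any query that still carries a taint label."""
    if is_tainted(query):
        raise TaintError(f"data from {query.source!r} reached SQL sink")
    return query  # a real sink would pass the query to the database here

def demo():
    user_id = source("7 OR 1=1")  # constructed sample input
    query = "SELECT * FROM users WHERE id = " + user_id
    try:
        return sink_sql(query)
    except TaintError as exc:
        return f"blocked: {exc}"

if __name__ == "__main__":
    print(demo())
```

The f-string gap noted in the comment is the under-tainting problem in miniature: any operation the tracker does not instrument lets tainted data reach the sink unlabeled.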
Sources
- Newsome, J., & Song, D. X. (2005). Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software. In Network and Distributed System Security Symposium (NDSS 2005).
- Schwartz, E. J., Avgerinos, T., & Brumley, D. (2010). All you ever wanted to know about dynamic taint analysis and forward symbolic execution (but might have been afraid to ask). In IEEE Symposium on Security and Privacy (SP), 2010, pp. 317-331. DOI: 10.1109/SP.2010.26
How to cite this page
ScholarGate. (2026, June 3). Taint Analysis (Data Flow Analysis). ScholarGate. https://scholargate.app/zh/cryptography/taint-analysis