Luo, Linghui; Bodden, Eric; Späth, Johannes:

A Qualitative Analysis of Taint-Analysis Results.

Aug. 2018


In the past, researchers have developed a number of popular taint-analysis approaches, particularly in the context of Android applications. Most previous work in this area has focused on handling Android's unique features, on making analyses scale, or on eliminating false positives by enhancing the precision of static analysis. A promising avenue for increasing precision is to confirm static taint-analysis results through dynamic witnesses. To guide such research, we present the first study that evaluates static Android taint-analysis results at a qualitative level. To facilitate this study, we have implemented an extension of the Soot analysis framework called COVA, which computes partial path constraints. These constraints describe the circumstances under which taint-flows may actually occur in practice. Using COVA, we have conducted a qualitative study on the taint-flows in 1,022 real-world Android applications. Our results reveal two key findings: (1) Many false positives arise due to inappropriate source and sink configuration provided by the existing taint-analysis tool. This impacts empirical results obtained for dozens of previously published Android analysis approaches. (2) 21% of the taint-flows are conditioned on user interactions, environment configurations and I/O operations.




