CISPA

Detecting Information Flow by Mutating Input data

conference contribution
posted on 2023-11-29, 18:08, authored by Björn Mathis, Vitalii Avdiienko, Ezekiel Soremekun, Marcel Böhme, Andreas Zeller
Analyzing information flow is central in assessing the security of applications. However, static and dynamic analyses of information flow are easily challenged by non-available or obscure code. We present a lightweight mutation-based analysis that systematically mutates dynamic values returned by sensitive sources to assess whether the mutation changes the values passed to sensitive sinks. If so, we found a flow between source and sink. In contrast to existing techniques, mutation-based flow analysis does not attempt to identify the specific path of the flow and is thus resilient to obfuscation. In its evaluation, our MUTAFLOW prototype for Android programs showed that mutation-based flow analysis is a lightweight yet effective complement to existing tools. Compared to the popular FLOWDROID static analysis tool, MUTAFLOW requires less than 10% of source code lines but has similar accuracy; on 20 tested real-world apps, it is able to detect 75 flows that FLOWDROID misses.

Preferred Citation

Björn Mathis, Vitalii Avdiienko, Ezekiel Soremekun, Marcel Böhme and Andreas Zeller. Detecting Information Flow by Mutating Input data. In: Software Engineering (SE). 2018.

Primary Research Area

  • Reliable Security Guarantees

Name of Conference

Software Engineering (SE)

Legacy Posted Date

2018-02-15

Open Access Type

  • Hybrid

BibTeX

@inproceedings{cispa_all_1452,
  title = "Detecting Information Flow by Mutating Input data",
  author = "Mathis, Björn and Avdiienko, Vitalii and Soremekun, Ezekiel and Böhme, Marcel and Zeller, Andreas",
  booktitle = "{Software Engineering (SE)}",
  year = "2018",
}
