Abstract
The application of taint analysis to increase the efficiency of safety analysis of the software used by Internet-of-Things devices based on the ARM architecture is considered. A comparison of the existing dynamic instrumentation is made. As a result, we identified the most acceptable solution for the problem. The functionality of the selected tool has been refined in order to improve the efficiency of analyzing the influence of input data on the operation of the software under study.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
REFERENCES
Thierer, A. and Castillo, A., Projecting the Growth and Economic Impact of the Internet of Things, 2015. https://doi.org/10.2139/ssrn.2618794
Sparks, P., The Route to a Trillion Devices, White Paper, ARM, 2017.
Zegzhda, P.D., Kort, S.S., and Suprun, A.F., Detection of anomalies in behavior of the software with usage of Markov chains, Autom. Control Comput. Sci., 2015, vol. 49, no. 8, pp. 820–825.
Demidov, R.A., Pechenkin, A.I., and Zegzhda, P.D., An approach to vulnerability searching of integer overflows in the executable program code, Autom. Control Comput. Sci., 2018, vol. 52, no. 8, pp. 1022–1028.
Demidov, R.A., Pechenkin, A.I., Zegzhda, P.D., and Kalinin, M.O., Application model of modern artificial neural network methods for the analysis of information systems security, Autom. Control Comput. Sci., 2018, vol. 52, no. 8, pp. 965–970.
Moskvin, D., Zegzhda, D., and Nikolskiy, A., Secure processor architecture modeling for large-scale systems, Autom. Control Comput. Sci., 2015, vol. 49, no. 8, pp. 684–689.
Kang, M.G., et al., Dta++: Dynamic taint analysis with targeted control-flow propagation, NDSS, 2011.
Demidov, R., Pechenkin, A., and Zegzhda, P., Integer overflow vulnerabilities detection in software binary code, ACM International Conference Proceeding Series, 2017, pp. 101–106. https://doi.org/10.1145/3136825.3136872
Busygin, A.G., Konoplev, A.S., and Kalinin, M.O., Approaches to protection of applications based on the TLS protocol against attacks using revoked certificates, Autom. Control Comput. Sci., 2016, vol. 50, no. 8, pp. 743–748.
Ognev, R.A., Zhukovskii, E.V., and Zegzhda, D.P., Clustering of malicious executable files based on the sequence analysis of system calls, Autom. Control Comput. Sci., 2019, vol. 53, no. 8, pp. 1045–1055.
Bosman, E., Slowinska, A., and Bos, H., Minemu: The world’s fastest taint tracker, International Workshop on Recent Advances in Intrusion Detection, Menlo Park, CA, 2011, pp. 1–20.
Schwartz, E.J., Avgerinos, T., and Brumley, D., All you ever wanted to know about dynamic taint analysis and forward symbolic execution (but might have been afraid to ask), 2010 IEEE Symposium on Security and Privacy, Berkeley/Oakland, CA, 2010, pp. 317–331.
Bruening, D., Efficient, transparent, and comprehensive runtime code manipulation, Thesis, Mass. Inst. Technol., 2004.
Gorgovan, C., d’Antras, A., and Luján, M., MAMBO: A low-overhead dynamic binary modification tool for ARM, ACM Trans. Archit. Code Optim., 2016, vol. 13, no. 1, p. 14.
Quynh, N.A., Skorpio: Advanced Binary Instrumentation Framework, 2018.
Funding
The paper was supported by the Russian Foundation for Basic Research, project no. 18-29-03102.
Author information
Authors and Affiliations
Corresponding authors
Ethics declarations
The authors declare that they have no conflicts of interest.
Additional information
Translated by N. Semenova
About this article
Cite this article
Ovasapyan, T.D., Knyazev, P.V. & Moskvin, D.A. Application of Taint Analysis to Study the Safety of Software of the Internet of Things Devices Based on the ARM Architecture. Aut. Control Comp. Sci. 54, 834–840 (2020). https://doi.org/10.3103/S0146411620080246
Received:
Revised:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.3103/S0146411620080246