Tailoring Taint Analysis to GDPR

  • Pietro FerraraEmail author
  • Luca Olivieri
  • Fausto Spoto
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11079)


Static analysis is the analysis of software at compile time without executing it. Its goal is to explore all execution paths without needing specific inputs to drive the execution. Thanks to its wide coverage, this approach, and in particular taint analysis, has been widely applied to detect security vulnerabilities like SQL injections and XSS. The European General Data Protection Regulation requires all controllers of sensitive data to enforce an approach based on privacy by design and by default. In such context, verification and testing techniques can be applied to check if the system implementation follows the constraints identified at design time. Therefore, static program analysis might be applied to track how sensitive data is automatically managed by a software, and if such software could leak some of this data.

In this paper, we formalize and discuss how taint analysis can be extended and augmented in order to detect potential unintended leakages of sensitive data. Starting from the specification of how sensitive data is retrieved and it could be leaked, and what types of leakages are allowed by the privacy policy established by the controller of sensitive data, we apply standard taint analysis to detect potential leakages, we reconstruct the flow to check if the flow is allowed or not, and we report full details about all the flows not allowed by the privacy policy. This approach has been implemented on the Julia static analysis, and we report some promising experimental results on the OWASP WebGoat benchmark.


Static analysis Taint analysis GDPR compliance 


  1. 1.
  2. 2.
  3. 3.
    Arzt, S., et al.: Flowdroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for android apps. In: Proceedings of PLDI 2014. ACM (2014)Google Scholar
  4. 4.
    Blanchet, B., et al.: A static analyzer for large safety-critical software. In: Proceedings of PLDI 2003. ACM (2003)Google Scholar
  5. 5.
    Burato, E., Ferrara, P., Spoto, F.: Security analysis of the OWASP benchmark with Julia. In: Proceedings of ITASEC 2017 (2017)Google Scholar
  6. 6.
    Clarke Jr., E.M., Grumberg, O., Peled, D.A.: Model Checking. MIT Press, Cambridge (1999)Google Scholar
  7. 7.
    Cousot, P., Cousot, R.: Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints. In: Proceedings of POPL 1977. ACM Press (1977)Google Scholar
  8. 8.
    Cousot, P., Cousot, R.: Systematic design of program analysis frameworks. In: Proceedings of POPL 1979. ACM Press (1979)Google Scholar
  9. 9.
    Cousot, P., Cousot, R.: Abstract interpretation: past, present and future. In: Proceedings of CSL-LICS 2014. ACM (2014)Google Scholar
  10. 10.
    Denning, D.E., Denning, P.J.: Certification of programs for secure information flow. Commun. ACM 20(7), 504–513 (1977)CrossRefGoogle Scholar
  11. 11.
    Enck, W., et al.: Taintdroid: an information-flow tracking system for realtime privacy monitoring on smartphones. ACM Trans. Comput. Syst. 32(2), 5 (2014)CrossRefGoogle Scholar
  12. 12.
    Ernst, M.D., Lovato, A., Macedonio, D., Spiridon, C., Spoto, F.: Boolean formulas for the static identification of injection attacks in Java. In: Davis, M., Fehnker, A., McIver, A., Voronkov, A. (eds.) LPAR 2015. LNCS, vol. 9450, pp. 130–145. Springer, Heidelberg (2015). Scholar
  13. 13.
    Ferrara, P.: Generic combination of heap and value analyses in abstract interpretation. In: McMillan, K.L., Rival, X. (eds.) VMCAI 2014. LNCS, vol. 8318, pp. 302–321. Springer, Heidelberg (2014). Scholar
  14. 14.
    Ferrara, P., Spoto, F.: Static analysis for GDPR compliance. In: Proceedings of ITASEC 2018 (2018)Google Scholar
  15. 15.
    Ferrara, P., Tripp, O., Pistoia, M.: Morphdroid: fine-grained privacy verification. In: Proceedings of ACSAC 2015. ACM (2015)Google Scholar
  16. 16.
    Grove, D., DeFouw, G., Dean, J., Chambers, C.: Call graph construction in object oriented languages. In: Proceedings of OOPSLA 1997. ACM (1997)Google Scholar
  17. 17.
    Hind, M.: Pointer analysis: haven’t we solved this problem yet? In: Proceedings of PASTE 2001. ACM (2001)Google Scholar
  18. 18.
    Kildall, G.A.: A unified approach to global program optimization. In: Proceedings of the 1st Annual ACM SIGACT-SIGPLAN Symposium on Principles of Programming Languages. POPL 1973. ACM, New York (1973)Google Scholar
  19. 19.
  20. 20.
    Myers, A.C.: JFlow: practical mostly-static information flow control. In: Proceedings of POPL 1999. ACM (1999)Google Scholar
  21. 21.
    Nielson, F., Nielson, H.R., Hankin, C.: Principles of Program Analysis. Springer, New York (1999)CrossRefGoogle Scholar
  22. 22.
  23. 23.
    Pierce, B.C.: Types and Programming Languages, 1st edn. The MIT Press, Cambridge (2002)zbMATHGoogle Scholar
  24. 24.
    Sabelfeld, A., Myers, A.C.: Language-based information-flow security. IEEE J. Sel. A. Commun. 21(1), 5–19 (2006)CrossRefGoogle Scholar
  25. 25.
    Spoto, F.: The Julia static analyzer for Java. In: Rival, X. (ed.) SAS 2016. LNCS, vol. 9837, pp. 39–57. Springer, Heidelberg (2016). Scholar
  26. 26.
    Tip, F., Palsberg, J.: Scalable propagation-based call graph construction algorithms. In: Proceedings of OOPSLA 2000. ACM, New York (2000)CrossRefGoogle Scholar
  27. 27.
    Tripp, O., Pistoia, M., Fink, S.J., Sridharan, M., Weisman, O.: TAJ: effective taint analysis of web applications. In: Proceedings of PLDI 2009. ACM (2009)Google Scholar
  28. 28.
    Wikipedia: Static program analysis.

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  1. 1.JuliaSoft SRLVeronaItaly
  2. 2.Università di VeronaVeronaItaly

Personalised recommendations