Field-Based Static Taint Analysis for Industrial Microservices
2022 IEEE/ACM 44th International Conference on Software Engineering: Software Engineering in Practice (ICSE-SEIP)(2022)
摘要
Taint analysis is widely used for tracing sensitive data. However, the state-of-the-art taint analyzers face challenges on recall, scalability, and precision when applied on industrial microservices. To overcome these challenges, we present a field-based static taint analysis approach, which does not distinguish different instances of the same type but distinguishes fields of the same kind for tracing sensitive data on industrial microservices. The experimental results demonstrate that our approach is practical in industrial scenarios.
更多查看译文
关键词
program analysis,taint analysis,microservices,security
AI 理解论文
溯源树
样例
生成溯源树,研究论文发展脉络
Chat Paper
正在生成论文摘要