Field-Based Static Taint Analysis for Industrial Microservices

Taint analysis is widely used for tracing sensitive data. However, the state-of-the-art taint analyzers face challenges on recall, scalability, and precision when applied on industrial microservices. To overcome these challenges, we present a field-based static taint analysis approach, which does not distinguish different instances of the same type but distinguishes fields of the same kind for tracing sensitive data on industrial microservices. The experimental results demonstrate that our approach is practical in industrial scenarios.