Abstract:
Aimed at the problem of false positives caused by implicit flow in taint analysis, a static taint analysis method based on quantitative information flow is proposed, which introduces loss metric entropy into the channel capacity. The channel influence threshold was reset by using gain function parameterized modeling. We generated the control flow graph corresponding to the source program and identify its control dependency. We calculated the impact of the taint data on the non-taint data according to the quantitative analysis, and choosed whether to modify the taint attribute of the variable. Taint was annotated and stored. Taking XSS and SQL injection attacks as example, the experiment compared multiple static analysis tools on the Benchmark dataset. The results show that this method effectively improved the accuracy of taint analysis.