
DTA++: Dynamic Taint Analysis with Targeted Control-Flow Propagation


Based on BitBlaze.

implicit tainted data

1 Input is tainted, and the taint is propagated to other values that are computed transitively from those tainted inputs. You can use DTA to find whether tainted input reaches an inappropriate sink. Implicit flows are control dependencies. Their hypothesis: under-tainting occurs at just a few places. No control dependencies—under-tainting; all control dependencies—over-tainting. DTA++ is their approach—identify targets for additional propagation. DTA++ has 2 phases: generate 2 rules for branches using offline analysis, and then apply them during future runs of dynamic taint analysis.
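Added example (my own illustration, not code from the DTA++ paper or BitBlaze): a miniature taint tracker over a toy structured IR that shows the three regimes above. With no control-dependency propagation, `y` loses taint although it depends on the input byte (under-tainting); a DTA++-style rule naming only branch `B1` restores it; propagating at every branch also taints the unrelated `done` flag (over-tainting). The IR, the program and the rule set are constructed assumptions.

```python
# Toy taint tracker: explicit data flow plus optional control-flow propagation
# at a chosen set of branch ids (the DTA++ "targets"). Constructed example.
from dataclasses import dataclass

ALL_BRANCHES = "all"  # sentinel: propagate at every branch (over-tainting mode)

@dataclass
class Val:
    v: int
    tainted: bool = False

# Instructions: ("set", dst, const) | ("mov", dst, src) | ("add", dst, a, b)
#             | ("if", branch_id, var, const, then_block, else_block)
def run(block, env, rules, ctl_taint=False):
    for ins in block:
        op = ins[0]
        if op == "set":
            env[ins[1]] = Val(ins[2], ctl_taint)
        elif op == "mov":
            src = env[ins[2]]
            env[ins[1]] = Val(src.v, src.tainted or ctl_taint)
        elif op == "add":
            a, b = env[ins[2]], env[ins[3]]
            env[ins[1]] = Val(a.v + b.v, a.tainted or b.tainted or ctl_taint)
        elif op == "if":
            _, bid, var, const, then_b, else_b = ins
            cond = env[var]
            # Targeted propagation: only branches named in `rules` pass the
            # taint of their condition on to values assigned under them.
            inner = ctl_taint or (cond.tainted and
                                  (rules == ALL_BRANCHES or bid in rules))
            run(then_b if cond.v == const else else_b, env, rules, inner)
    return env

# Toy decoder: y is control-dependent on input byte x but never copies it.
PROGRAM = [
    ("mov", "t", "x"),
    ("if", "B1", "t", 0x41, [("set", "y", 1)], [("set", "y", 0)]),
    ("set", "c", 1),
    ("if", "B2", "t", 0x00, [("set", "done", 1)], [("set", "done", 0)]),
    ("add", "z", "y", "c"),
]

def analyze(x_byte, rules):
    """Return which variables are tainted after running PROGRAM on x_byte."""
    env = run(PROGRAM, {"x": Val(x_byte, tainted=True)}, rules)
    return {name: val.tainted for name, val in env.items()}

if __name__ == "__main__":
    print("explicit only :", analyze(0x41, set()))
    print("DTA++ rule B1 :", analyze(0x41, {"B1"}))
    print("all branches  :", analyze(0x41, ALL_BRANCHES))
```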

Terms: dynamic taint analysis, implicit flow.

Sergey Vartanov, 2007–2020