DTA++: Dynamic Taint Analysis with Targeted Control-Flow Propagation
implicit tainted data
1 Input is tainted and it propagated to other values that are computed transitively based on those tainted inputs. You can use DTA for finding a purpose of inapropriate sink. Implicit flows are control dependencies. Their hypothesis: under-tainting occurs at just a few places. No control dependencies—under-tainting, all control dependencies—over-tainting. DTA++ is their approach—identify targets for additional propagation. DTA++ has 2 phases: generate 2 rules for branches using offline analysis and then apply them during future runs of dynamic taint analysis.
Terms: dynamic taint analysis, implicit flow.
Sergey Vartanov, 2007–2020