Automated End-to-End Dynamic Taint Analysis for WhatsApp

Cited by: 0
Authors
Cela, Sopot [1 ]
Ciancone, Andrea [1 ]
Gustafsson, Per [1 ]
Hajdu, Akos [1 ]
Jia, Yue [1 ]
Kapus, Timotej [1 ]
Koshtenko, Maksym [1 ]
Lewis, Will [1 ]
Mao, Ke [1 ]
Martac, Dragos [1 ]
Affiliation
[1] Meta, London, England
Source
COMPANION PROCEEDINGS OF THE 32ND ACM INTERNATIONAL CONFERENCE ON THE FOUNDATIONS OF SOFTWARE ENGINEERING, FSE COMPANION 2024 | 2024
Keywords
Taint analysis; simulation; testing;
DOI
10.1145/3663529.3663824
Chinese Library Classification number
TP31 [Computer Software];
Subject classification code
081202 ; 0835 ;
Abstract
Taint analysis aims to track data flows in systems, with potential use cases for security, privacy and performance. This paper describes an end-to-end dynamic taint analysis solution for WhatsApp. We use exploratory UI testing to generate realistic interactions and inputs, serving as data sources on the clients and then we track data propagation towards sinks on both client and server sides. Finally, a reporting pipeline localizes tainted flows in the source code, applies deduplication, filters false positives based on production call sites, and files tasks to code owners. Applied to WhatsApp, our approach found 89 flows that were fixed by engineers, and caught 50% of all privacy-related flows that required escalation, including instances that would have been difficult to uncover by conventional testing.
Pages: 21 / 26
Number of pages: 6