Automated End-to-End Dynamic Taint Analysis for WhatsApp

Authors
Cela, Sopot [1]
Ciancone, Andrea [1]
Gustafsson, Per [1]
Hajdu, Akos [1]
Jia, Yue [1]
Kapus, Timotej [1]
Koshtenko, Maksym [1]
Lewis, Will [1]
Mao, Ke [1]
Martac, Dragos [1]
Affiliation
[1] Meta, London, England
Source
COMPANION PROCEEDINGS OF THE 32ND ACM INTERNATIONAL CONFERENCE ON THE FOUNDATIONS OF SOFTWARE ENGINEERING, FSE COMPANION 2024 | 2024
Keywords
Taint analysis; simulation; testing;
DOI
10.1145/3663529.3663824
Chinese Library Classification number
TP31 [Computer software];
Discipline classification code
081202 ; 0835 ;
Abstract
Taint analysis aims to track data flows in systems, with potential use cases for security, privacy and performance. This paper describes an end-to-end dynamic taint analysis solution for WhatsApp. We use exploratory UI testing to generate realistic interactions and inputs, serving as data sources on the clients, and then we track data propagation towards sinks on both client and server sides. Finally, a reporting pipeline localizes tainted flows in the source code, applies deduplication, filters false positives based on production call sites, and files tasks to code owners. Applied to WhatsApp, our approach found 89 flows that were fixed by engineers, and caught 50% of all privacy-related flows that required escalation, including instances that would have been difficult to uncover by conventional testing.
Pages: 21-26
Number of pages: 6