{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,2,21]],"date-time":"2025-02-21T14:43:44Z","timestamp":1740149024743,"version":"3.37.3"},"reference-count":12,"publisher":"Wiley","license":[{"start":{"date-parts":[[2018,5,30]],"date-time":"2018-05-30T00:00:00Z","timestamp":1527638400000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"National Key R&D Program of China","award":["2016QY07X1404"],"award-info":[{"award-number":["2016QY07X1404"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Security and Communication Networks"],"published-print":{"date-parts":[[2018,5,30]]},"abstract":"<jats:p>Dynamic taint analysis is a powerful technique for tracking the flow of sensitive information. Different approaches have been proposed to accelerate this process in an online or offline manner. Unfortunately, most of these approaches still have performance bottlenecks and thus reduce analytical efficiency. To address this limitation, we present OFFDTAN, a new approach of offline dynamic taint analysis for binaries. OFFDTAN can be described in terms of four stages: dynamic information acquisition, vulnerability modeling, offline analysis, and backtrace analysis. It first records program runtime information and models the stack buffer overflow vulnerabilities and controlled jump vulnerabilities. Then it performs offline analysis and backtrace analysis to locate vulnerabilities. We implement OFFDTAN on the basis of QEMU virtual machine and apply it to off-the-shelf applications. In order to illustrate how our approach works, we first employ a case study. Furthermore, six applications have been verified so as to evaluate our approach. Experimental results demonstrate that our approach is correct and effective. Compared with other offline analysis tools, OFFDTAN has much lower application runtime overhead.<\/jats:p>","DOI":"10.1155\/2018\/7693861","type":"journal-article","created":{"date-parts":[[2018,5,30]],"date-time":"2018-05-30T19:31:32Z","timestamp":1527708692000},"page":"1-13","source":"Crossref","is-referenced-by-count":3,"title":["OFFDTAN: A New Approach of Offline Dynamic Taint Analysis for Binaries"],"prefix":"10.1155","volume":"2018","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-9897-0579","authenticated-orcid":true,"given":"Xiajing","family":"Wang","sequence":"first","affiliation":[{"name":"Beijing Key Laboratory of Software Security Engineering Technology, School of Software, Beijing Institute of Technology, Beijing 100081, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1954-5775","authenticated-orcid":true,"given":"Rui","family":"Ma","sequence":"additional","affiliation":[{"name":"Beijing Key Laboratory of Software Security Engineering Technology, School of Software, Beijing Institute of Technology, Beijing 100081, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2940-5557","authenticated-orcid":true,"given":"Bowen","family":"Dou","sequence":"additional","affiliation":[{"name":"Beijing Key Laboratory of Software Security Engineering Technology, School of Software, Beijing Institute of Technology, Beijing 100081, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8832-9323","authenticated-orcid":true,"given":"Zefeng","family":"Jian","sequence":"additional","affiliation":[{"name":"Beijing Key Laboratory of Software Security Engineering Technology, School of Software, Beijing Institute of Technology, Beijing 100081, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6037-9353","authenticated-orcid":true,"given":"Hongzhou","family":"Chen","sequence":"additional","affiliation":[{"name":"Beijing Key Laboratory of Software Security Engineering Technology, School of Software, Beijing Institute of Technology, Beijing 100081, China"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"311","reference":[{"year":"2014","key":"1"},{"key":"4","doi-asserted-by":"publisher","DOI":"10.1145\/1273442.1250746"},{"issue":"8","key":"5","first-page":"190","volume":"9","year":"2005","journal-title":"Programming Language Design & Implementation"},{"issue":"5","key":"6","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/358438.349303","volume":"35","year":"2000","journal-title":"SIGPLAN Notices"},{"journal-title":"Network and Distributed System Security Symposium (NDSS)","year":"2005","key":"7"},{"year":"2010","key":"13"},{"key":"15","first-page":"1320","volume":"10","year":"2012","journal-title":"Journal of Tsinghua University (Science and Technology)"},{"key":"17","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-40203-6_10"},{"issue":"3","key":"19","first-page":"12","volume":"40","year":"2014","journal-title":"Computer Engineering"},{"year":"2015","key":"20"},{"key":"21","doi-asserted-by":"publisher","DOI":"10.13328\/j.cnki.jos.005179"},{"key":"23","doi-asserted-by":"publisher","DOI":"10.1145\/2843859.2843867"}],"container-title":["Security and Communication Networks"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/downloads.hindawi.com\/journals\/scn\/2018\/7693861.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/downloads.hindawi.com\/journals\/scn\/2018\/7693861.xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/downloads.hindawi.com\/journals\/scn\/2018\/7693861.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2018,5,30]],"date-time":"2018-05-30T19:31:37Z","timestamp":1527708697000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.hindawi.com\/journals\/scn\/2018\/7693861\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,5,30]]},"references-count":12,"alternative-id":["7693861","7693861"],"URL":"https:\/\/doi.org\/10.1155\/2018\/7693861","relation":{},"ISSN":["1939-0114","1939-0122"],"issn-type":[{"type":"print","value":"1939-0114"},{"type":"electronic","value":"1939-0122"}],"subject":[],"published":{"date-parts":[[2018,5,30]]}}}