[1] |
ANDERSEN L O . Program analysis and specialization for the C programming language[D]. University of Cophenhagen, 1994.
|
[2] |
LHOTáK O , HENDREN L . Scaling Java points-to analysis using Spark[C]// International Conference on Compiler Construction. Springer,Berlin,Heidelberg, 2003: 153-169.
|
[3] |
BERNDL M , LHOTáK O , QIAN F ,et al. Points-to analysis using BDDs[J]. ACM SIGPLAN Notices, 2003,38(5): 103-114.
|
[4] |
黄波, 臧斌宇, 韦俊银 ,等. 上下文敏感的过程间指针分析[J]. 计算机学报, 2000,23(5): 477-485.
|
|
HUANG B , ZANG B Y , WEI J Y ,et al. Context sensitive interprocedural pointer analysis[J]. Chinese Journal of Computers, 2000,23(5): 477-485.
|
[5] |
BRAVENBOER M , SMARAGDAKIS Y . Strictly declarative specification of sophisticated points-to analyses[C]// Proceedings of the 24th ACM SIGPLAN Conference on Object Oriented Programming Systems Languages and Applications. 2009: 243-262.
|
[6] |
ANTONIADIS T , TRIANTAFYLLOU K , SMARAGDAKIS Y . Porting doop to Soufflé:a tale of inter-engine portability for datalog-based analyses[C]// Proceedings of the 6th ACM SIGPLAN International Workshop on State of the Art in Program Analysis. 2017: 25-30.
|
[7] |
TRIPP O , PISTOIA M , FINK S J ,et al. TAJ:effective taint analysis of web applications[J]. ACM Sigplan Notices, 2009,44(6): 87-97.
|
[8] |
SRIDHARAN M , ARTZI S , PISTOIA M ,et al. F4F:taint analysis of framework-based web applications[C]// Proceedings of the 2011 ACM International Conference on Object Oriented Programming Systems Languages and Applications. 2011: 1053-1068.
|
[9] |
HUANG W , DONG Y , MILANOVA A . Type-based taint analysis for Java web applications[C]// International Conference on Fundamental Approaches to Software Engineering. Springer,Berlin,Heidelberg, 2014: 140-154.
|
[10] |
LERCH J , HERMANN B , BODDEN E ,et al. FlowTwist:efficient context-sensitive inside-out taint analysis for large codebases[C]// Proceedings of the 22nd ACM SIGSOFT International Symposium on Foundations of Software Engineering. 2014: 98-108.
|
[11] |
王蕾, 李丰, 李炼 ,等. 污点分析技术的原理和实践应用[J]. 软件学报, 2017,28(4): 860-882.
|
|
WANG L , LI F , LI L ,et al. Principle and practice of taint analysis[J]. Journal of Software, 2017,28(4): 860-882.
|
[12] |
LIVSHITS B . Improving software security with precise static and runtime analysis[D]. Stanford University, 2006.
|
[13] |
TRIPP O , PISTOIA M , COUSOT P ,et al. Andromeda:accurate and scalable security analysis of web applications[C]// Fundamental Approaches to Software Engineering. 2013: 210-225.
|
[14] |
ARZT S , RASTHOFER S , FRITZ C ,et al. Flowdroid:precise context,flow,field,object-sensitive and lifecycle-aware taint analysis for android Apps[J]. Acm Sigplan Notices, 2014,49(6): 259-269.
|
[15] |
JOHNSON A , WAYE L , MOORE S ,et al. Exploring and enforcing security guarantees via program dependence graphs[J]. ACM SIGPLAN Notices, 2015,50(6): 291-302.
|
[16] |
HUANG W , DONG Y , MILANOVA A ,et al. Scalable and precise taint analysis for Android[C]// Proceedings of the 2015 International Symposium on Software Testing and Analysis. 2015: 106-117.
|
[17] |
GRECH N , SMARAGDAKIS Y . P/Taint:unified points to and taint analysis[J]. Proceedings of the ACM on Programming Languages, 2017: 1-28.
|
[18] |
DAHSE J , KREIN N , HOLZ T . Figurer euse attacks in PHP:automated POP chain generation[C]// Proceedings of CCS '14:Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security. 2014: 42-53.
|
[19] |
SHCHERBAKOV M , BALLIU M . SerialDetector:principled and practical exploration of object injection vulnerabilities for the web[C]// Proceedings 2021 Network and Distributed System Security Symposium. Reston,VA:Internet Society, 2021.
|
[20] |
HAKEN I . Automated discovery of deserialization gadget chains[R]. 2018.
|
[21] |
杜笑宇, 叶何, 文伟平 . 基于字节码搜索的 Java 反序列化漏洞调用链挖掘方法[J]. 信息网络安全, 2020,20(7): 19-29.
|
|
DU X Y , YE H , WEN W P . Java deserialization vulnerability gadget chain discovery method based on bytecode search[J]. Netinfo Security, 2020,20(7): 19-29.
|