[Soot-list] Creating ISourceSinkManager to track information flow between Stmt or Value

Marc-André Laverdière marc-andre.laverdiere-papineau at polymtl.ca
Thu Oct 2 11:22:29 EDT 2014


Just to add to what Steven said...

A simple (but not nice) hack is to filter out the results from FlowDroid
that don't correspond to your specific case.

Marc-André Laverdière-Papineau
Doctorant - PhD Candidate

On 10/02/2014 05:28 AM, Steven Arzt wrote:
> Hi Wei,
>
> Now I understand your problem. Indeed, FlowDroid is at the moment
> lacking a notion of parameter sinks. We only support a notion of sink
> statements, i.e. if a tainted variable is read in a statement that is
> defined as a sink, we report it as a leak. Extending FlowDroid to support
> a more precise notion of sinks would be an interesting direction of
> future work.
>
> Best regards,
> 
>   Steven
>
> *From:* soot-list-bounces at CS.McGill.CA
> [mailto:soot-list-bounces at CS.McGill.CA] *On Behalf Of* Wei Yang
> *Sent:* Thursday, 2 October 2014 08:11
> *To:* Steven Arzt
> *Cc:* soot-list at cs.mcgill.ca; soot-list at sable.mcgill.ca
> *Subject:* Re: [Soot-list] Creating ISourceSinkManager to track
> information flow between Stmt or Value
>
> Hi! Steven,
> 
>      Thanks for your detailed explanation. Sorry that my question caused
> some trouble to understand. Here's an example where I need to track
> certain variables:
>
> a = getSecret();
> sendSecret(a, "1", "2", "3");
> sendSecret("1", a, "2", "3");
>
> What I want to do is track the information flow only when the first
> parameter of sendSecret gets tainted. In this case, if the variable a gets
> tainted, the analysis should report a -> sendSecret(a, "1", "2", "3");
> but not a -> sendSecret("1", a, "2", "3"). Currently I'm unable to
> know which variable has been tainted in the information flow from
> InfoflowResults. Is there any way I can get such information?
>
> Thanks!
>
> Best wishes,
>
> David
>
> 2014-09-30 2:39 GMT-05:00 Steven Arzt <Steven.Arzt at cased.de>:
> 
> Hi Wei,
>
> In FlowDroid, sources are defined as the points in the code where a
> variable first gets unconditionally tainted. The tool then tracks data
> flow between variables and fields. Or, in other words, the source
> defines which variables are of interest to the taint analysis. Take the
> following example:
>
> a = getSecret();
> b = a;
>
> In this example, the variable “a” is of interest, because it is assigned
> the return value of the “getSecret()” method which is a source. Of
> course, your custom source sink manager can implement any rule you like
> for defining that a variable is of interest.
>
> The implicit rule in FlowDroid is that the source sink manager is asked
> for an assign statement. If it returns that this statement is a source,
> the variable on the left-hand side of the assignment gets tainted
> unconditionally. In the example above, this means that “a” gets tainted
> unconditionally, because the source sink manager replied “true” for the
> first statement.
>
> What exactly is your condition on which you decide whether to track a
> certain variable or not?
>
> Best regards,
> 
>   Steven
>
> *From:* soot-list-bounces at CS.McGill.CA
> [mailto:soot-list-bounces at CS.McGill.CA] *On Behalf Of* Wei Yang
> *Sent:* Tuesday, 30 September 2014 07:55
> *To:* Steven Arzt
> *Cc:* soot-list at CS.McGill.CA; soot-list at sable.mcgill.ca
> *Subject:* Re: [Soot-list] Creating ISourceSinkManager to track
> information flow between Stmt or Value
>
> 
> Hi! Steven,
>      Sorry that my question was a bit confusing in the earlier email.
> What I am trying to do is to find the information flows between variables
> (Value). Both methods /getSourceInfo/ and /isSink/ in the interface
> ISourceSinkManager are based on Stmt. But I know that the taint analysis
> is based on variables. So we should be able to obtain such information
> from the analysis. As I'm not very familiar with the code for the
> taint propagation, could you point me in a direction and to related files
> that I can look into to track the information flows between variables?
>
> Thanks a lot!
> 
> On Sep 29, 2014 7:27 AM, "Steven Arzt" <Steven.Arzt at cased.de
> <mailto:Steven.Arzt at cased.de>> wrote:
> 
> Hi David,
>
> I am not sure whether I understand your question correctly. If you
> implement your own source-sink-manager directly on top of the
> ISourceSinkManager interface, you are free to define whatever kind of
> sources and sinks you need. There is no need to have a predefined list –
> FlowDroid will iterate over all statements in your program under
> analysis and ask the source-sink-manager whether to treat the respective
> statement as a source, as a sink, or as neither.
>
> Still, this is an a-priori analysis that is completed before the actual
> taint tracking starts. At the moment, I am not sure in which cases this
> should produce any limitations.
>
> Best regards,
> 
>   Steven
>
> *From:* soot-list-bounces at CS.McGill.CA
> [mailto:soot-list-bounces at CS.McGill.CA] *On Behalf Of* Wei Yang
> *Sent:* Sunday, 28 September 2014 07:17
> *To:* soot-list at CS.McGill.CA; soot-list at sable.mcgill.ca
> *Subject:* [Soot-list] Creating ISourceSinkManager to track information
> flow between Stmt or Value
>
> Hi! All,
> 
>      I'm trying to use FlowDroid to find if there's an information flow
> between two statements (Stmt) or Variables (Value). I found that
> in MethodBasedSourceSinkManager or AndroidSourceSinkManager, we need to
> provide the signature of source and sink methods statically for all
> program. How can I define my own ISourceSinkManager so that it can track
> information flow based on Stmt or Value provided dynamically from the
> analysis? Is there any example code I could look into to find related
> information?
>
> Thanks a lot!
> 
> 
> Best wishes,
> 
> David 


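The result filtering suggested at the top of this message, applied to the three-statement sendSecret example from the thread, as an added Python model that is not part of the original emails and does not use FlowDroid's API. It assumes each reported result exposes the sink call and the tainted variable read there; all class and function names are hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Call:
    method: str
    args: tuple = ()   # variable names, or quoted string constants

@dataclass(frozen=True)
class Assign:
    lhs: str
    rhs: object        # a variable name (str) or a Call

SOURCES = {"getSecret"}    # methods whose return value is tainted
SINKS = {"sendSecret"}     # methods treated as sink statements

# Constructed sample input: the three statements from the thread.
PROGRAM = [
    Assign("a", Call("getSecret")),
    Call("sendSecret", ("a", '"1"', '"2"', '"3"')),
    Call("sendSecret", ('"1"', "a", '"2"', '"3"')),
]

def statement_level_leaks(program):
    """Report (index, call, tainted_var) for every sink call reading a tainted variable."""
    tainted, leaks = set(), []
    for index, stmt in enumerate(program):
        if isinstance(stmt, Assign):
            rhs = stmt.rhs
            if isinstance(rhs, Call):
                rhs_tainted = rhs.method in SOURCES
            else:
                rhs_tainted = rhs in tainted      # plain copy, e.g. b = a
            if rhs_tainted:
                tainted.add(stmt.lhs)
            else:
                tainted.discard(stmt.lhs)         # overwritten with clean data
        elif stmt.method in SINKS:
            for var in sorted(set(stmt.args) & tainted):
                leaks.append((index, stmt, var))
    return leaks

def filter_by_parameter(leaks, method, position):
    """Keep only results whose tainted variable is argument `position` of `method`."""
    return [
        (index, call, var) for index, call, var in leaks
        if call.method == method
        and position < len(call.args)
        and call.args[position] == var
    ]
```

The statement-level pass reports both sendSecret calls; `filter_by_parameter(leaks, "sendSecret", 0)` keeps only the call where `a` is the first argument.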