[Soot-list] Enable Explicit Taint Propogation in Soot-Infoflow

Suresh Rangaswamy suresh1317 at iiitd.ac.in
Wed Oct 22 08:05:27 EDT 2014 

Thanks its working now :)

Sorry got confused between implicit and explicit.

Regards
Suresh Rangaswamy
(M) +91-9711154493
(M.Tech Information Security)
cerc.iiitd.ac.in
about.me/suresh301190
<http://iiitd.ac.in>

On Wed, Oct 22, 2014 at 5:28 PM, Steven Arzt <Steven.Arzt at cased.de> wrote:

> Hi Suresh,
>
>
>
> I looked at your code snippet once again. What you are looking for is an
> implicit data flow, not an explicit one. The reason why the statement in
> line 7 leaks information at all is that its execution depends on the value
> of a secret. Without the conditional, there would be no leak.
>
>
>
> Implicit information flow tracking must be enabled explicitly in
> FlowDroid. Use Infoflow.setEnableImplicitFlows(true) to do so.
>
>
>
> Best regards,
>
>   Steven
>
>
>
> *Von:* soot-list-bounces at CS.McGill.CA [mailto:
> soot-list-bounces at CS.McGill.CA] *Im Auftrag von *Suresh Rangaswamy
> *Gesendet:* Mittwoch, 22. Oktober 2014 13:50
> *An:* Steven Arzt
> *Cc:* soot-list at CS.McGill.CA
> *Betreff:* Re: [Soot-list] Enable Explicit Taint Propogation in
> Soot-Infoflow
>
>
>
> Hi Steven,
>
>
>
> Thank you for the quick response.
>
>
>
> I have read the paper and I understood that it is supposed to detect it,
> but there may be some configuration that I am missing because in the
> analysis it is not detecting the above source to sink flow.
>
>
>
> I am using the *soot-Infoflow* directly instead of *soot-infoflow-android*
> ,
>
>
>
> I am analyzing JAR file.
>
>
>
> PFA, EasyTaintWrapperSource.txt, SourcesAndSink.txt and output.txt.
>
>
>
> which I am using to run my analysis.
>
>
> Regards
>
> Suresh Rangaswamy
>
> (M) +91-9711154493
>
> (M.Tech Information Security)
>
> cerc.iiitd.ac.in
>
> about.me/suresh301190
>
> [image: Das Bild wurde vom Absender entfernt.] <http://iiitd.ac.in>
>
>
>
> On Wed, Oct 22, 2014 at 4:53 PM, Steven Arzt <Steven.Arzt at cased.de> wrote:
>
> Hi Suresh,
>
>
>
> FlowDroid is a data flow tracker, so tracking explicit data flows is what
> the tool was originally built for. What exactly is your question? Did you
> read the paper or technical report? Did you have a look at our wiki (
> https://github.com/secure-software-engineering/soot-infoflow-android/wiki
> )?
>
>
>
> Best regards,
>
>   Steven
>
>
>
>
>
> M.Sc. M.Sc. Steven Arzt
>
> Secure Software Engineering Group (SSE)
>
> European Center for Security and Privacy by Design (EC SPRIDE)
>
> Mornewegstraße 32
>
> D-64293 Darmstadt
>
> Phone: +49 61 51 16-75426
>
> Fax: +49 61 51 16-72118
>
> eMail: steven.arzt at ec-spride.de
>
> Web: http://sse.ec-spride.de
>
>
>
>
>
>
>
> *Von:* soot-list-bounces at CS.McGill.CA [mailto:
> soot-list-bounces at CS.McGill.CA] *Im Auftrag von *Suresh Rangaswamy
> *Gesendet:* Mittwoch, 22. Oktober 2014 13:10
> *An:* soot-list at CS.McGill.CA
> *Betreff:* [Soot-list] Enable Explicit Taint Propogation in Soot-Infoflow
>
>
>
> Hi,
>
>
>
> How can we enable the explicit tainting in soot-infoflow if its possible.
>
>
>
> 1. void foo(){
>
> 2.         int x = 0, y = 9;
>
> 3.         try{
>
> 4.                     BufferedReader is = new BufferedReader(new
> InputStreamReader(System.in));
>
>
>
> 5.                     x = Integer.parseInt(is.readLine());
>
>
>
> 6.                     if(x == 5){
>
>
>
> 7.                                System.out.println(y);
>
> 8.                     }
>
>
>
> 9.         }catch(IOException e){
>
> 10.                   e.printStackTrace();
>
> 11.       }
>
>
>
> In the example I want the flow from 5 -> 6 -> 7 be detected by the
> infoflow.
>
>
> Regards
>
> Suresh Rangaswamy
>
> (M) +91-9711154493
>
> (M.Tech Information Security)
>
> cerc.iiitd.ac.in
>
> about.me/suresh301190
>
> *Fehler! Es wurde kein Dateiname angegeben.* <http://iiitd.ac.in>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.CS.McGill.CA/pipermail/soot-list/attachments/20141022/f1a05a4b/attachment-0001.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 425 bytes
Desc: not available
Url : http://mailman.CS.McGill.CA/pipermail/soot-list/attachments/20141022/f1a05a4b/attachment-0001.jpg

More information about the Soot-list mailing list