| With the continuous development of information technology, information system is widely used in various industries business systems, thus playing an increasingly important role. Due to system design, program logic, and a variety of other reasons, such system often has a variety of security problems. Whether the operation to tainted data and sensitive data is reasonable is one of them. Therefore, it is an urgent problem to study how to label and track the tainted data and sensitive data in the program.The work of this paper comes from the actual project. Since the propagation of data's state is based on information flow, this paper firstly analyzes the definition and properties of information flow. And based on the information flow, the rules of the possible information flow in the program are studied. And on the basis of these rules, the collection of information flow is realized.This paper analyzes and designs the process of the tainted data propagation based on the information flow. Firstly, the property of the state change is studied, and then the three aspects of the state-transfer, diffusion and propagation are designed. In the analysis of the transfer process, its data state is designed based on the analysis of the state transfer model. In the analysis of the diffusion of the state, the state of the pointer and the structure is studied. In the analysis of the propagation of the state, we mainly design and implement the propagation process of the assignment statement and function call. The rules for the security operation of analyzing tainted state propagation are also designed.In the end of this paper, the function of the system is tested, detailed test code is designed, and the test results are analyzed. The results of the analysis show that the system can label and track the tainted data. |
PDF Full Text Request