中圖分類號： TP393
文獻標識碼： A
DOI： 10.19358/j.issn.2096-5133.2022.02.006
引用格式： 梁威，洪倩. 基于代碼重寫的動態污點分析[J].信息技術與網絡安全，2022，41(2)：33-38.

Dynamic taint analysis based on code rewriting

Abstract： At present, the update speed of Web technology is very fast, and JavaScript(JS) language is used more and more widely, at the same time, there are many security risks. In particular, the requirements for the response speed of Web applications are becoming higher and higher, which exacerbates the threat of Web security. Therefore, this paper studies the dynamic JavaScript taint analysis based on code rewriting, marks and tracks sensitive data during code operation with the help of rewriting JavaScript, detects data leakage and gives feedback in time. Different from the traditional dynamic taint analysis method, the proposed method does not need to rely on JS engine, can be applied to various browsers, can efficiently and accurately mark, track and detect sensitive data leakage, and improve Web security.

Key words : code rewriting；JavaScript;dynamic taint；information flow analysis；Web security