中图分类号： TP393
文献标识码： A
DOI： 10.19358/j.issn.2096-5133.2022.02.006
引用格式： 梁威，洪倩. 基于代码重写的动态污点分析[J].信息技术与网络安全，2022，41(2)：33-38.

Dynamic taint analysis based on code rewriting

Abstract： At present, the update speed of Web technology is very fast, and JavaScript(JS) language is used more and more widely, at the same time, there are many security risks. In particular, the requirements for the response speed of Web applications are becoming higher and higher, which exacerbates the threat of Web security. Therefore, this paper studies the dynamic JavaScript taint analysis based on code rewriting, marks and tracks sensitive data during code operation with the help of rewriting JavaScript, detects data leakage and gives feedback in time. Different from the traditional dynamic taint analysis method, the proposed method does not need to rely on JS engine, can be applied to various browsers, can efficiently and accurately mark, track and detect sensitive data leakage, and improve Web security.

Key words : code rewriting；JavaScript;dynamic taint；information flow analysis；Web security