Taint analysis is an effective technique for finding vulnerabilities, even in large codebases. My colleague, Lucas Leong, recently demonstrated how Clang Static Analyzer and CodeQL can be used to model and find vulnerabilities in MySQL NDB Cluster using taint analysis. Largely inspired by his work, I wanted to try something similar but using Binary Ninja since it can also work with closed-source programs. These are a few things I had in mind while working:

- Identify vulnerabilities due to uses of untrusted values without bounds checking.
- Taint propagation and filtering should be control-flow sensitive.

I approached this as a graph reachability problem, for which Tainted Flow Analysis on e-SSA-form Programs served as an excellent reference. All the analysis in this article is based on MySQL Cluster 8.0.25 and Binary Ninja.

To get taint analysis working, it is essential to define the taint sources clearly. MySQL Cluster has a message passing architecture, and interesting taint sources are the messages themselves.
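To make the control-flow-sensitive propagation concrete, here is an added Python model (not the author's Binary Ninja code) of taint as graph reachability over a constructed e-SSA-style IR: a bounds check on a branch edge becomes a sigma definition that filters the taint, so only the unchecked path reaches the sink. The IR, the variable names and the `msg.` source convention are assumptions made for the illustration.

```python
from collections import defaultdict, deque

# Constructed e-SSA-style IR (not real NDB code). Each instruction is
# (dest, op, operands). A "sigma" renames a variable on one edge of a
# branch; its operands are (value, condition, taken-edge?).
SIGNAL_HANDLER = [
    ("len0", "load",  ["msg.len"]),             # source: field of the message
    ("c0",   "lt",    ["len0", "MAX_LEN"]),     # bounds check: len0 < MAX_LEN
    ("len1", "sigma", ["len0", "c0", True]),    # taken edge: check holds
    ("idx1", "index", ["buf", "len1"]),         # sink: buf indexed by len1
    ("len2", "sigma", ["len0", "c0", False]),   # fall-through: check failed
    ("idx2", "index", ["buf", "len2"]),         # sink: buf indexed by len2
]

def is_message_field(op, operands):
    """Taint source predicate: loads from the incoming message."""
    return op == "load" and str(operands[0]).startswith("msg.")

def build_def_use(program):
    defs = {ins[0] for ins in program}
    by_dest = {ins[0]: ins for ins in program}
    uses = defaultdict(list)
    for dest, op, operands in program:
        # A sigma carries taint only from its value, never from the condition.
        value_operands = operands[:1] if op == "sigma" else operands
        for v in value_operands:
            if isinstance(v, str) and v in defs:
                uses[v].append(dest)
    return by_dest, uses

def bounded_above_on_edge(by_dest, cond, taken, var):
    """Only the simple form `var < K` on the taken edge is modelled here;
    real e-SSA filtering also handles <=, swapped operands and signedness."""
    _, op, operands = by_dest[cond]
    return op == "lt" and taken and operands[0] == var

def find_unchecked_sinks(program, source_pred, sink_ops):
    """Graph reachability from sources to sinks, stopping at filtering sigmas."""
    by_dest, uses = build_def_use(program)
    seeds = [d for d, op, ops in program if source_pred(op, ops)]
    tainted, queue = set(seeds), deque(seeds)
    while queue:
        var = queue.popleft()
        for user in uses[var]:
            _, op, operands = by_dest[user]
            if op == "sigma" and bounded_above_on_edge(by_dest, operands[1], operands[2], var):
                continue  # bounds-checked on this edge: taint is filtered
            if user not in tainted:
                tainted.add(user)
                queue.append(user)
    return sorted(d for d, op, ops in program if op in sink_ops
                  and any(isinstance(v, str) and v in tainted for v in ops))

if __name__ == "__main__":
    print(find_unchecked_sinks(SIGNAL_HANDLER, is_message_field, {"index"}))
```

Running it reports only `idx2`, the index reached on the edge where the bounds check failed; `idx1` is filtered because `len1` is defined by the sigma on the checked edge.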