Table of Contents
- 1. What problem does this paper try to solve?
- 2. Why is the problem important?
- 3. What is this paper's solution to the problem?
- 4. What are the strengths of this paper?
- 5. What are the limitations of this paper?
- 6. What makes this paper publishable?
- 7. What are other solutions and what are the most relevant works?
- 8. What's your favourite part of this work?
Authors: Tianrou Xia, Hong Hu, and Dinghao Wu
Keywords: indirect call, type analysis, program analysis
[USENIX SECURITY'24]
What problem does this paper try to solve?
Narrowing down the set of possible targets of each indirect call, i.e. resolving indirect-call targets more precisely.
Why is the problem important?
Precise identification of indirect-call targets is essential for constructing control-flow graphs (CFGs), which underpin many security techniques (for example control-flow integrity enforcement and static bug detection).
What is this paper's solution to the problem?
SMLTA (Strong Multi-Layer Type Analysis), implemented in the tool DeepType. It refines the original MLTA to achieve both better precision and better performance.
SMLTA uses the entire multi-layer type as the key of its Type Lookup Map, whereas MLTA keys on only two layers. It introduces 'friend types' so that targets are shared between types along the information flow. Direct friend types are stored in a Type-Type map, and indirect friend types (friends of friends, transitively) are found by an exhaustive breadth-first search over that map.
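To make these data structures concrete, here is an added toy model written for this note (not the paper's DeepType implementation): it keys a Type Lookup Map on the whole multi-layer type, keeps direct friend types in a Type-Type map, finds indirect friends by breadth-first search, and contrasts full-key lookup with a simplified two-layer lookup. The struct names, field indices, stores and friend relations are constructed; treating friend types as sharing targets at the innermost (struct, field) layer, and deriving friends from pointer casts, are simplifying assumptions, not the paper's exact rules.

```python
from collections import defaultdict, deque

# Constructed toy facts (an assumption for illustration, not taken from the
# paper or from any real code base). A multi-layer key is a tuple of
# (struct, field) layers, outermost first, naming the expression through which
# a function pointer is stored, e.g. dev->driver.ops.read is
# (("dev", 1), ("driver", 2), ("ops", 0)).
STORES = [
    ((("dev", 1), ("driver", 2), ("ops", 0)), "dev_read"),
    ((("pci", 0), ("driver", 2), ("ops", 0)), "pci_read"),
    ((("net", 1), ("net_ops", 0)), "net_read"),
    ((("legacy_ops", 0),), "legacy_read"),
    ((("old_ops", 0),), "old_read"),
]

# Type-Type map of direct friend types (assumed here to arise from casts
# between struct pointer types; the toy lists both directions explicitly).
DIRECT_FRIENDS = {
    "net_ops": {"legacy_ops"},
    "legacy_ops": {"net_ops", "old_ops"},
    "old_ops": {"legacy_ops"},
}


def build_lookup(stores):
    """Type Lookup Map keyed on the whole multi-layer type."""
    lookup = defaultdict(set)
    for key, fn in stores:
        lookup[key].add(fn)
    return lookup


def build_inner_index(lookup):
    """Targets grouped by innermost (struct, field) layer only. Used when a
    friend type shares targets, since a cast loses the outer layers."""
    index = defaultdict(set)
    for key, fns in lookup.items():
        index[key[-1]] |= fns
    return index


def all_friends(ty, direct):
    """Exhaustive breadth-first search over the Type-Type map: returns the
    direct friends of `ty` and its indirect friends (transitively)."""
    seen = {ty}
    queue = deque([ty])
    while queue:
        cur = queue.popleft()
        for friend in direct.get(cur, ()):
            if friend not in seen:
                seen.add(friend)
                queue.append(friend)
    seen.discard(ty)
    return seen


def resolve_smlta(lookup, inner_index, key, direct):
    """Targets for a call whose callee expression has multi-layer type `key`:
    exact full-key hits, plus targets stored through any friend of the
    innermost struct type at the same field index."""
    targets = set(lookup.get(key, ()))
    inner_struct, inner_field = key[-1]
    for friend in all_friends(inner_struct, direct):
        targets |= inner_index.get((friend, inner_field), set())
    return targets


def resolve_two_layer(lookup, key):
    """Simplified stand-in for keying on only the innermost two layers:
    every store whose last two layers match becomes a candidate target."""
    n = min(2, len(key))
    suffix = key[-n:]
    targets = set()
    for stored_key, fns in lookup.items():
        if stored_key[-n:] == suffix:
            targets |= fns
    return targets


LOOKUP = build_lookup(STORES)
INNER_INDEX = build_inner_index(LOOKUP)
DEV_CALL = (("dev", 1), ("driver", 2), ("ops", 0))  # dev->driver.ops.read()
NET_CALL = (("net", 1), ("net_ops", 0))             # net->net_ops.read()

if __name__ == "__main__":
    # Full-key lookup separates the dev and pci stores that a two-layer
    # key conflates; the net call picks up legacy_read via a direct friend
    # and old_read via an indirect friend found by the BFS.
    print("two-layer:", sorted(resolve_two_layer(LOOKUP, DEV_CALL)))
    print("full key :", sorted(resolve_smlta(LOOKUP, INNER_INDEX, DEV_CALL, DIRECT_FRIENDS)))
    print("friends  :", sorted(resolve_smlta(LOOKUP, INNER_INDEX, NET_CALL, DIRECT_FRIENDS)))
```

The two resolvers make the trade-off visible: the full key removes `pci_read` from the `dev->driver.ops.read()` call, while friend-type sharing adds targets for the `net->net_ops.read()` call, which is one way a SMLTA target set can end up no smaller than MLTA's.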
What are the strengths of this paper?
Improves on a state-of-the-art approach to this problem.
Detailed analysis of the evaluation results.
What are the limitations of this paper?
The evaluation results show that the target set of DeepType (the SMLTA implementation) is not always smaller than that of TypeDive (the MLTA implementation).
The analysis is flow-insensitive.
It still produces false positives (spurious targets).
What makes this paper publishable?
It significantly narrows the indirect-call target sets for most of the evaluated programs, with better performance than MLTA.
What are other solutions and what are the most relevant works?
MLTA (CCS'19)
Value-flow analysis: SVF
What's your favourite part of this work?
The explanation of the seemingly poor evaluation results.