关键词: 动态污染分析，漏洞利用检测，信息流分析，污染场景分析

Abstract: Untrusted data originating from network user input and configuration files, causes many software security problems,when operated by security-critical function without strict data validation. Keeping track of the propagation of untrusted data is the main idea of dynamic taint analysis for vulnerability exploits detection. Data derived from network user input and configuration files were labeled as taint. Executed taint propagating algorithm by virtue of data flow analysis,and carried out several taint detection policies for each security-critical function. A vulnerability prototype system was implemented on open source emulator and many optimization mechanisms were exploits detection deployed.

Key words: Dynamic taint analysis, Vulnerability exploits detection, Information flow analysis,Tainted scenes analysis