Detection of Malicious Code: Taint Flow Analysis for Weapons Systems Software

Presentation
Lori Flynn presented these slides and handout at the 2024 Department of Defense Maintenance Symposium Program. The presentation detailed the Detection of Malicious Code (DMC) static taint flow analysis tool and discussed the tool's methods, features, and example output along with possible future work.
Publisher

Software Engineering Institute

Abstract

The Department of Defense (DoD) uses a large amount of software produced by various supply chains, which can be compromised by an adversary. Failing to detect malicious code can be very costly, but detection is difficult. We have developed a method and a tool that aim to detect two types of malicious code: (1) exfiltration of sensitive data and (2) timebombs, logic bombs, remote-access Trojans (RATs), and similar malicious code.

The goal for our tool is to produce output that concisely and precisely characterizes the potentially malicious behaviors of the code base, so that a human analyst can quickly and accurately determine whether the behavior is benign or malicious. We envision that our tool could be used for software assurance by software security analysts and/or as part of a continuous integration system that automatically analyzes and flags potentially malicious flows.