Dynamic tainting is a powerful technique that has been used to detect computer attacks, generate test cases analyze data scopes, and protect memory. However, existing tainting techniques suffer from excessive runtime overheads that can be as high as 30 to 50 times, making them unsuitable for applications in deployed systems. The goal of our work is to provide as efficient and low-overhead tainting framework that can be used in deployed environments. To accomplish this goal, we propose to implement framework that supports dynamic tainting as a feature of a Java Virtual Machine (JVM). In this approach, the tainting code can be injected by the JVM without needing to instrument the source code. It can also support customizable and configurable tainting. The overhead of tainting can be controlled by sampling and different tainting granularity. For example, the framework can taint all the data as needed when the workload is low. It can also taint only a subset of interesting data to reduce the overhead. Ultimately, we envision that our proposed framework will be instrumental in various dynamic monitoring methodologies including runtime verification.
[1]
Alessandro Orso,et al.
Dytan: a generic dynamic taint analysis framework
,
2007,
ISSTA '07.
[2]
Nicholas Nethercote,et al.
Valgrind: a framework for heavyweight dynamic binary instrumentation
,
2007,
PLDI '07.
[3]
Michael D. Bond,et al.
Breadcrumbs: efficient context sensitivity for dynamic bug detection analyses
,
2010,
PLDI '10.
[4]
R. Sengupta,et al.
A safe flight algorithm for unmanned aerial vehicles
,
2004,
2004 IEEE Aerospace Conference Proceedings (IEEE Cat. No.04TH8720).
[5]
Nicholas Nethercote,et al.
Using Valgrind to Detect Undefined Value Errors with Bit-Precision
,
2005,
USENIX Annual Technical Conference, General Track.
[6]
Calvin Lin,et al.
Efficient and extensible security enforcement using dynamic data flow analysis
,
2008,
CCS.
[7]
Harish Patil,et al.
Pin: building customized program analysis tools with dynamic instrumentation
,
2005,
PLDI '05.
[8]
Alessandro Orso,et al.
Effective memory protection using dynamic tainting
,
2007,
ASE '07.