Dynamic tainting is a powerful technique that has been used to detect computer attacks, generate test cases, analyze data scopes, and protect memory. However, existing tainting techniques suffer from excessive runtime overheads that can be as high as 30 to 50 times, making them unsuitable for applications in deployed systems. The goal of our work is to provide an efficient and low-overhead tainting framework that can be used in deployed environments. To accomplish this goal, we propose to implement a framework that supports dynamic tainting as a feature of a Java Virtual Machine (JVM). In this approach, the tainting code can be injected by the JVM without needing to instrument the source code. The framework can also support customizable and configurable tainting. The overhead of tainting can be controlled by sampling and by using different tainting granularities. For example, the framework can taint all the data as needed when the workload is low. It can also taint only a subset of interesting data to reduce the overhead. Ultimately, we envision that our proposed framework will be instrumental in various dynamic monitoring methodologies, including runtime verification.