PLDI '90 Proceedings of the ACM SIGPLAN 1990 conference on Programming language design and implementation
Forward computation of dynamic program slices
ISSTA '94 Proceedings of the 1994 ACM SIGSOFT international symposium on Software testing and analysis
JFlow: practical mostly-static information flow control
Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Information flow inference for ML
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Secure program execution via dynamic information flow tracking
ASPLOS XI Proceedings of the 11th international conference on Architectural support for programming languages and operating systems
Detecting and Debugging Insecure Information Flows
ISSRE '04 Proceedings of the 15th International Symposium on Software Reliability Engineering
RIFLE: An Architectural Framework for User-Centric Information-Flow Security
Proceedings of the 37th annual IEEE/ACM International Symposium on Microarchitecture
Pin: building customized program analysis tools with dynamic instrumentation
Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
Improving software security via runtime instruction-level taint checking
Proceedings of the 1st workshop on Architectural and system support for improving software dependability
Using positive tainting and syntax-aware evaluation to counter SQL injection attacks
Proceedings of the 14th ACM SIGSOFT international symposium on Foundations of software engineering
A General Dynamic Information Flow Tracking Framework for Security Applications
ACSAC '06 Proceedings of the 22nd Annual Computer Security Applications Conference
LIFT: A Low-Overhead Practical Information Flow Tracking System for Detecting Security Attacks
Proceedings of the 39th Annual IEEE/ACM International Symposium on Microarchitecture
Understanding data lifetime via whole system simulation
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Exploring Multiple Execution Paths for Malware Analysis
SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
Taint-enhanced policy enforcement: a practical approach to defeat a wide range of attacks
USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
Defending against injection attacks through context-sensitive string evaluation
RAID'05 Proceedings of the 8th international conference on Recent Advances in Intrusion Detection
Effective memory protection using dynamic tainting
Proceedings of the twenty-second IEEE/ACM international conference on Automated software engineering
A state coverage tool for JUnit
Companion of the 30th international conference on Software engineering
Quantitative information flow as network flow capacity
Proceedings of the 2008 ACM SIGPLAN conference on Programming language design and implementation
A type system for data-flow integrity on windows vista
Proceedings of the third ACM SIGPLAN workshop on Programming languages and analysis for security
ISCA '08 Proceedings of the 35th Annual International Symposium on Computer Architecture
Efficient and extensible security enforcement using dynamic data flow analysis
Proceedings of the 15th ACM conference on Computer and communications security
Towards automatic reverse engineering of software security configurations
Proceedings of the 15th ACM conference on Computer and communications security
Algorithms and tool support for dynamic information flow analysis
Information and Software Technology
Blended analysis for improving the quality of framework-intensive applications
Proceedings of the 2008 Foundations of Software Engineering Doctoral Symposium
Complete information flow tracking from the gates up
Proceedings of the 14th international conference on Architectural support for programming languages and operating systems
Static analysis for inference of explicit information flow
Proceedings of the 8th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering
A type system for data-flow integrity on Windows Vista
ACM SIGPLAN Notices
Isolation points: Creating performance-robust enterprise systems
ACM Transactions on Autonomous and Adaptive Systems (TAAS)
Proceedings of the 41st annual IEEE/ACM International Symposium on Microarchitecture
Go with the flow: profiling copies to find runtime bloat
Proceedings of the 2009 ACM SIGPLAN conference on Programming language design and implementation
Locating need-to-translate constant strings for software internationalization
ICSE '09 Proceedings of the 31st International Conference on Software Engineering
Measuring the strength of information flows in programs
ACM Transactions on Software Engineering and Methodology (TOSEM)
Penumbra: automatically identifying failure-relevant inputs using dynamic tainting
Proceedings of the eighteenth international symposium on Software testing and analysis
Reducing Test Inputs Using Information Partitions
CAV '09 Proceedings of the 21st International Conference on Computer Aided Verification
Proceedings of the 2009 ACM workshop on Scalable trusted computing
Execution leases: a hardware-supported mechanism for enforcing strong non-interference
Proceedings of the 42nd Annual IEEE/ACM International Symposium on Microarchitecture
User-input dependence analysis via graph reachability
User-input dependence analysis via graph reachability
Statistically regulating program behavior via mainstream computing
Proceedings of the 8th annual IEEE/ACM international symposium on Code generation and optimization
LEAKPOINT: pinpointing the causes of memory leaks
Proceedings of the 32nd ACM/IEEE International Conference on Software Engineering - Volume 1
SUDS: an infrastructure for creating dynamic software defect detection tools
Automated Software Engineering
Strict control dependence and its effect on dynamic information flow analyses
Proceedings of the 19th international symposium on Software testing and analysis
Automatically identifying critical input regions and code in applications
Proceedings of the 19th international symposium on Software testing and analysis
Behavioral clustering of HTTP-based malware and signature generation using malicious network traces
NSDI'10 Proceedings of the 7th USENIX conference on Networked systems design and implementation
Automated support for repairing input-model faults
Proceedings of the IEEE/ACM international conference on Automated software engineering
Proceedings of the 17th ACM conference on Computer and communications security
Dynamic tainting for deployed Java programs
Proceedings of the ACM international conference companion on Object oriented programming systems languages and applications companion
Debugging model-transformation failures using dynamic tainting
ECOOP'10 Proceedings of the 24th European conference on Object-oriented programming
Proceedings of the 2010 workshop on New security paradigms
Porscha: policy oriented secure content handling in Android
Proceedings of the 26th Annual Computer Security Applications Conference
Taxonomy and classification of automatic monitoring of program security vulnerability exploitations
Journal of Systems and Software
Automating configuration troubleshooting with dynamic information flow analysis
OSDI'10 Proceedings of the 9th USENIX conference on Operating systems design and implementation
TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones
OSDI'10 Proceedings of the 9th USENIX conference on Operating systems design and implementation
TaintEraser: protecting sensitive data leaks using application-level taint tracking
ACM SIGOPS Operating Systems Review
Cross-application data provenance and policy enforcement
ACM Transactions on Information and System Security (TISSEC)
ROPdefender: a detection tool to defend against return-oriented programming attacks
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
Coalescing executions for fast uncertainty analysis
Proceedings of the 33rd International Conference on Software Engineering
An algorithm for capturing variables dependences in test suites
Journal of Systems and Software
Vision: automated security validation of mobile apps at app markets
MCS '11 Proceedings of the second international workshop on Mobile cloud computing and services
Checksum-Aware Fuzzing Combined with Dynamic Taint Analysis and Symbolic Execution
ACM Transactions on Information and System Security (TISSEC)
Q: exploit hardening made easy
SEC'11 Proceedings of the 20th USENIX conference on Security
Preventing web application injections with complementary character coding
ESORICS'11 Proceedings of the 16th European conference on Research in computer security
Taint-exchange: a generic system for cross-process and cross-host taint tracking
IWSEC'11 Proceedings of the 6th International conference on Advances in information and computer security
RIPE: runtime intrusion prevention evaluator
Proceedings of the 27th Annual Computer Security Applications Conference
Defining code-injection attacks
POPL '12 Proceedings of the 39th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Static program analysis assisted dynamic taint tracking for software vulnerability discovery
Computers & Mathematics with Applications
libdft: practical dynamic data flow tracking for commodity systems
VEE '12 Proceedings of the 8th ACM SIGPLAN/SIGOPS conference on Virtual Execution Environments
Computation vs. memory systems: pinning down accelerator bottlenecks
ISCA'10 Proceedings of the 2010 international conference on Computer Architecture
Symbolic execution enhanced system testing
VSTTE'12 Proceedings of the 4th international conference on Verified Software: theories, tools, experiments
SAILS: static analysis of information leakage with sample
Proceedings of the 27th Annual ACM Symposium on Applied Computing
Proceedings of the 34th International Conference on Software Engineering
Uncovering performance problems in Java applications with reference propagation profiling
Proceedings of the 34th International Conference on Software Engineering
Security'12 Proceedings of the 21st USENIX conference on Security symposium
White box sampling in uncertain data processing enabled by program analysis
Proceedings of the ACM international conference on Object oriented programming systems languages and applications
DTAM: dynamic taint analysis of multi-threaded programs for relevancy
Proceedings of the ACM SIGSOFT 20th International Symposium on the Foundations of Software Engineering
Monitoring Buffer Overflow Attacks: A Perennial Task
International Journal of Secure Software Engineering
Architecture-Independent dynamic information flow tracking
CC'13 Proceedings of the 22nd international conference on Compiler Construction
Type-based dependency analysis for javascript
Proceedings of the Eighth ACM SIGPLAN workshop on Programming languages and analysis for security
Enforcing system-wide control flow integrity for exploit detection and diagnosis
Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security
Observable modified Condition/Decision coverage
Proceedings of the 2013 International Conference on Software Engineering
Automated diagnosis of software configuration errors
Proceedings of the 2013 International Conference on Software Engineering
Jalangi: a selective record-replay and dynamic analysis framework for JavaScript
Proceedings of the 2013 9th Joint Meeting on Foundations of Software Engineering
TaintDroid: an information flow tracking system for real-time privacy monitoring on smartphones
Communications of the ACM
Model-based, event-driven programming paradigm for interactive web applications
Proceedings of the 2013 ACM international symposium on New ideas, new paradigms, and reflections on programming & software
ShadowReplica: efficient parallelization of dynamic data flow tracking
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
USENIX ATC'13 Proceedings of the 2013 USENIX conference on Annual Technical Conference
A verified information-flow architecture
Proceedings of the 41st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages
On quantitative dynamic data flow tracking
Proceedings of the 4th ACM conference on Data and application security and privacy
Hi-index | 0.02 |
Dynamic taint analysis is gaining momentum. Techniques based on dynamic tainting have been successfully used in the context of application security, and now their use is also being explored in different areas, such as program understanding, software testing, and debugging. Unfortunately, most existing approaches for dynamic tainting are defined in an ad-hoc manner, which makes it difficult to extend them, experiment with them, and adapt them to new contexts. Moreover, most existing approaches are focused on data-flow based tainting only and do not consider tainting due to control flow, which limits their applicability outside the security domain. To address these limitations and foster experimentation with dynamic tainting techniques, we defined and developed a general framework for dynamic tainting that (1) is highly flexible and customizable, (2) allows for performing both data-flow and control-flow based tainting conservatively, and (3) does not rely on any customized run-time system. We also present DYTAN, an implementation of our framework that works on x86 executables, and a set of preliminary studies that show how DYTAN can be used to implement different tainting-based approaches with limited effort. In the studies, we also show that DYTAN can be used on real software, by using FIREFOX as one of our subjects, and illustrate how the specific characteristics of the tainting approach used can affect efficiency and accuracy of the taint analysis, which further justifies the use of our framework to experiment with different variants of an approach.