Zhiyou Tian (Xidian University), Cong Sun (Xidian University), Dongrui Zeng (Palo Alto Networks), Gang Tan (Pennsylvania State University)

Dynamic taint analysis (DTA) has been widely used in security applications, including exploit detection, data provenance, fuzzing improvement, and information flow control. Meanwhile, the usability of DTA is argued on its high runtime overhead, causing a slowdown of more than one magnitude on large binaries. Various approaches have used preliminary static analysis and introduced parallelization or higher-granularity abstractions to raise the scalability of DTA. In this paper, we present a dynamic taint analysis framework podft that defines and enforces different fast paths to improve the efficiency of DBI-based dynamic taint analysis. podft uses a value-set analysis (VSA) to differentiate the instructions that must not be tainted from those potentially tainted. Combining the VSA-based analysis results with proper library function abstractions, we develop taint tracking policies for fast and slow paths and implement the tracking policy enforcement as a Pin-based taint tracker. The experimental results show that podft is more efficient than the state-of-the-art fast path-based DTA approach and competitive with the static binary rewriting approach. podft has a high potential to integrate basic block-level deep neural networks to simplify fast path enforcement and raise tracking efficiency.

View More Papers

Access Your Tesla without Your Awareness: Compromising Keyless Entry...

Xinyi Xie (Shanghai Fudan Microelectronics Group Co., Ltd.), Kun Jiang (Shanghai Fudan Microelectronics Group Co., Ltd.), Rui Dai (Shanghai Fudan Microelectronics Group Co., Ltd.), Jun Lu (Shanghai Fudan Microelectronics Group Co., Ltd.), Lihui Wang (Shanghai Fudan Microelectronics Group Co., Ltd.), Qing Li (State Key Laboratory of ASIC & System, Fudan University), Jun Yu (State Key…

Read More

Him of Many Faces: Characterizing Billion-scale Adversarial and Benign...

Shujiang Wu (Johns Hopkins University), Pengfei Sun (F5, Inc.), Yao Zhao (F5, Inc.), Yinzhi Cao (Johns Hopkins University)

Read More

“This is different from the Western world”: Understanding Password...

Aniqa Alam, Elizabeth Stobert, Robert Biddle (Carleton University)

Read More

Kids, Cats, and Control: Designing Privacy and Security Dashboard...

Jacob Abbott (Indiana University), Jayati Dev (Indiana University), DongInn Kim (Indiana University), Shakthidhar Reddy Gopavaram (Indiana University), Meera Iyer (Indiana University), Shivani Sadam (Indiana University) , Shirang Mare (Western Washington University), Tatiana Ringenberg (Purdue University), Vafa Andalibi (Indiana University), and L. Jean Camp(Indiana University)

Read More