Polyglot, Label-Defined Dynamic Taint Analysis in TruffleTaint
Authors: 
Jacob Kreindl, 
Daniele Bonetta, 
David Leopoldseder, Lukas Stadler, 
Hanspeter MössenböckAuthors Info & Claims
Jacob Kreindl, Daniele Bonetta, David Leopoldseder, Lukas Stadler, Hanspeter MössenböckAuthors Info & ClaimsPages 152 - 153
Abstract
Dynamic taint analysis assigns taint labels to sensitive data and tracks the propagation of such tainted data during program execution. This program analysis technique has been implemented in various analysis platforms targeting specific programming languages or program representations and has been applied to diverse fields such as software security and debugging. While some of these platforms support customization of their taint analysis, such customization is typically limited to certain analysis properties or to predefined options. This limitation can require analysis developers to modify the analysis platform in order to adapt other analysis properties or to implement new taint analysis applications.
We designed label-defined dynamic taint analysis as a new approach to specifying a dynamic taint analysis in terms of taint labels. This approach enables an analysis platform to allow analysis developers to adapt arbitrary analysis properties without modifying the platform itself. We implemented our approach in TruffleTaint, a GraalVM-based dynamic taint analysis platform targeting multiple programming languages. Our prototype supports implementing taint analyses in multiple programming languages and further provides tooling support for analysis development. In this tool demonstration we will present the capabilities of our prototype and demonstrate the implementation of label-defined dynamic taint analyses with common adaptations to various analysis properties.
References
[1]
M. L. Van de Vanter, C. Seaton, M. Haupt, C. Humer, and T. Würthinger. 2018. Fast, Flexible, Polyglot Instrumentation Support for Debuggers and other Tools. Art Sci. Eng. Program. 2, 3 (2018), 14. https://doi.org/10.22152/programming-journal.org/2018/2/14
[2]
J. Kreindl, D. Bonetta, L. Stadler, D. Leopoldseder, and H. Mössenböck. 2022. Dynamic Taint Analysis with Label-Defined Semantics. In MPLR ’22: 19th ACM SIGPLAN International Conference on Managed Programming Languages and Runtimes, Brussels, Belgium, September 14-16, 2022. ACM. https://doi.org/10.1145/3546918.3546927
[3]
E. J. Schwartz, T. Avgerinos, and D. Brumley. 2010. All You Ever Wanted to Know about Dynamic Taint Analysis and Forward Symbolic Execution (but Might Have Been Afraid to Ask). In 31st IEEE Symposium on Security and Privacy, S&P 2010, 16-19 May 2010, Berleley/Oakland, California, USA. IEEE Computer Society, 317–331. https://doi.org/10.1109/SP.2010.26
Index Terms
- Polyglot, Label-Defined Dynamic Taint Analysis in TruffleTaint
Recommendations
Dynamic Taint Analysis with Label-Defined Semantics
MPLR '22: Proceedings of the 19th International Conference on Managed Programming Languages and RuntimesDynamic taint analysis is a popular analysis technique which tracks the propagation of specific values while a program executes. To this end, a taint label is attached to these values and is dynamically propagated to any values derived from them. ...
Multi-language dynamic taint analysis in a polyglot virtual machine
MPLR '20: Proceedings of the 17th International Conference on Managed Programming Languages and RuntimesDynamic taint analysis is a popular program analysis technique in which sensitive data is marked as tainted and the propagation of tainted data is tracked in order to determine whether that data reaches critical program locations. This analysis ...
Low-overhead multi-language dynamic taint analysis on managed runtimes through speculative optimization
MPLR 2021: Proceedings of the 18th ACM SIGPLAN International Conference on Managed Programming Languages and RuntimesDynamic taint analysis (DTA) is a popular program analysis technique with applications to diverse fields such as software vulnerability detection and reverse engineering. It consists of marking sensitive data as tainted and tracking its propagation at ...
Comments
Information & Contributors
Information
Published In
September 2022
161 pages
Copyright © 2022 Owner/Author.
This work is licensed under a Creative Commons Attribution-ShareAlike International 4.0 License.
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 30 November 2022
Check for updates
Author Tags
Qualifiers
- Short-paper
- Research
- Refereed limited
Conference
MPLR '22
MPLR '22: 19th International Conference on Managed Programming Languages and Runtimes
September 14 - 15, 2022
Brussels, Belgium
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 191Total Downloads
- Downloads (Last 12 months)118
- Downloads (Last 6 weeks)20
Reflects downloads up to 06 Feb 2025
Other Metrics
Citations
View Options
View options
View or Download as a PDF file.
PDFeReader
View online with eReader.
eReaderHTML Format
View this article in HTML Format.
HTML FormatLogin options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in