| Title | Towards efficient, multi-language dynamic taint analysis |
| Publication Type | Conference Paper |
| Year of Publication | 2019 |
| Authors | Kreindl, Jacob, Bonetta, Daniele, Mössenböck, Hanspeter |
| Conference Name | Proceedings of the 16th ACM SIGPLAN International Conference on Managed Programming Languages and Runtimes |
| Publisher | Association for Computing Machinery |
| Conference Location | Athens, Greece |
| ISBN Number | 978-1-4503-6977-0 |
| Keywords | composability, Cross-Language Taint Analysis, dynamic taint analysis, GraalVM, JavaScript, LLVM, Metrics, Multi-Language Taint Analysis, Native Extensions, Node.js, pubcrawl, Sulong, taint analysis |
| Abstract | Dynamic taint analysis is a program analysis technique in which data is marked and its propagation is tracked while the program is executing. It is applied to solve problems in many fields, especially in software security. Current taint analysis platforms are limited to a single programming language, and therefore cannot support programs which, as is common today, are implemented in multiple programming languages. Current implementations of dynamic taint analysis also incur a significant performance overhead. In this paper we address both these limitations (1) by presenting our vision of a multi-language dynamic taint analysis platform, which is built around a language-agnostic core framework that is extended by language-specific front-ends and (2) by discussing the use of speculative optimization and dynamic compilation to reduce the execution overhead of dynamic taint analysis applications. An implementation of such a platform would enable dynamic taint analyses that can target multiple languages in one analysis implementation and can track tainted data across language boundaries. We describe this approach in the context of the GraalVM runtime and its included JIT compiler, Graal, which allows us to target both dynamic and static languages. |
| URL | https://doi.org/10.1145/3357390.3361028 |
| DOI | 10.1145/3357390.3361028 |
| Citation Key | kreindl_towards_2019 |
Towards efficient, multi-language dynamic taint analysis