skip to main content
10.1145/3674225.3674233acmotherconferencesArticle/Chapter ViewAbstractPublication PagespeaiConference Proceedingsconference-collections
research-article

An Improved Method for Dynamic Taint Analysis

Published: 31 July 2024 Publication History

Abstract

Dynamic taint analysis methods, due to their language independence, reliance on binary code, and high accuracy, have been widely applied in the field of binary program vulnerability detection and security. However, these methods often incur significant performance overhead due to binary instrumentation. To address these issues, this study first categorizes x86 instructions and designs corresponding taint propagation strategies for each instruction category. It introduces the concept of taint analysis-agnostic classes to reduce redundant analysis and minimize performance overhead. Furthermore, a taint flow filtering mechanism is proposed during the taint propagation process to reduce inefficient analysis and improve analysis efficiency. Experimental results demonstrate that the improved dynamic taint analysis method can accurately detect vulnerabilities with CVE identifiers and outperforms traditional dynamic taint analysis methods in terms of performance. Therefore, the proposed improved dynamic taint analysis method effectively enhances both detection effectiveness and performance.

References

[1]
Skybox Security.Vulnerability and Threat Trends Report Mid-Year Update:KeyFindings. [R/OL]. 2020. [2022.11.10]. https://www.skyboxsecurity.com/blog/2020-vulnerability-and-threat-trends-report-mid-year-updatekey-findings.
[2]
Xie JY, Fu X, Du XJ, Autopatchdroid: A framework for patching inter-APP vulnerabilities in Android application.Proceedings of 2017 IEEE International Conference on Communications (ICC). Paris: IEEE, 2017. 1–6.
[3]
Cox L P, Gilbert P, Lawler G, et al. {SpanDex}: Secure Password Tracking for Android [C]//23rd USENIX Security Symposium (USENIX Security 14). 2014: 481-494.
[4]
Enck W, Gilbert P, Chun B G, et al. TaintDroid: an information flow tracking system for real-time privacy monitoring on smartphones [J]. Acm Transactions on Computer Systems, 2014, 32(2):1-29.
[5]
Nagy S, Hicks M. Full-speed fuzzing: Reducing fuzzing overhead through coverage-guided tracing [C]//2019 IEEE Symposium on Security and Privacy (SP). IEEE, 2019: 787-802.
[6]
Gu Y, Shu H, Ma R, SpotFuzzer: Static Instrument and Fuzzing Windows COTs [J].Security and Communication Networks, 2022, 2022.
[7]
Chua Z L, Wang Y, Baluta T, et al. One Engine To Serve'em All: Inferring Taint Rules Without Architectural Semantics [C]//NDSS. 2019.
[8]
Jianfeng X X C Z J .Design and implementation of an efficient container tag dynamic taint analysis [J].Computers Security, 2023, 135.
[9]
Hui Y F P Y .DRTaint: A Dynamic Taint Analysis Framework Supporting Correlation Analysis Between Data Regions [J].Journal of Physics: Conference Series, 2021, 1856(1).
[10]
She D, Chen Y, Shah A, Neutaint: Efficient dynamic taint analysis with neural networks [C]//2020 IEEE Symposium on Security and Privacy (SP). IEEE, 2020: 1527-1543.

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences
PEAI '24: Proceedings of the 2024 International Conference on Power Electronics and Artificial Intelligence
January 2024
969 pages
ISBN:9798400716638
DOI:10.1145/3674225
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 31 July 2024

Permissions

Request permissions for this article.

Check for updates

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

PEAI 2024

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • 0
    Total Citations
  • 42
    Total Downloads
  • Downloads (Last 12 months)42
  • Downloads (Last 6 weeks)7
Reflects downloads up to 17 Feb 2025

Other Metrics

Citations

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

HTML Format

View this article in HTML Format.

HTML Format

Figures

Tables

Media

Share

Share

Share this Publication link

Share on social media