The taint rabbit: optimizing generic taint analysis with dynamic fast path generation

Conference item

Generic taint analysis is a pivotal technique in software security. However, it suffers from staggeringly high overhead. In this paper, we explore the hypothesis whether just-in-time (JIT) generation of fast paths for tracking taint can enhance the performance. To this end, we present the Taint Rabbit, which supports highly customizable user-defined taint policies and combines a JIT with fast context switching. Our experimental results suggest that this combination outperforms notable existing implementations of generic taint analysis and bridges the performance gap to specialized trackers. For instance, Dytan incurs an average overhead of 237x, while the Taint Rabbit achieves 1.7x on the same set of benchmarks. This compares favorably to the 1.5x overhead delivered by the bitwise, non-generic, taint engine LibDFT.

Authors: Galea, J; Kroening, D

• Alternative title: Conference paper
• Publication status: Published
• Peer review status: Peer reviewed
• Publisher: Association for Computing Machinery
• Host title: ASIA CCS '20: Proceedings of the 15th ACM Asia Conference on Computer and Communications Security
• Pages: 622–636
• Publication date: 2020-10-05
• Acceptance date: 2020-02-16
• Event title: 15th ACM ASIA Conference on Computer and Communications Security (ACM ASIA CCS 2020)
• Event location: Taipei, Taiwan
• Event website: https://asiaccs2020.cs.nthu.edu.tw/
• Event start date: 2020-10-05
• Event end date: 2020-10-09
• DOI: 10.1145/3320269.3384764
• ISBN: 9781450367509
• Language: English
• Keywords: dynamic taint analysis; adaptive optimization; software security; FFR