Low-overhead multi-language dynamic taint analysis on managed runtimes through speculative optimization

Jacob Kreindl; Daniele Bonetta; Lukas Stadler; David Leopoldseder; Hanspeter Mössenböck

doi:10.1145/3475738.3480939

Low-overhead multi-language dynamic taint analysis on managed runtimes through speculative optimization

Jacob Kreindl
, Daniele Bonetta
, Lukas Stadler
, David Leopoldseder
, Hanspeter Mössenböck

Research output: Chapter in Book / Report / Conference proceeding › Conference contribution › Academic › peer-review

Abstract

Dynamic taint analysis (DTA) is a popular program analysis technique with applications to diverse fields such as software vulnerability detection and reverse engineering. It consists of marking sensitive data as tainted and tracking its propagation at runtime. While DTA has been implemented on top of many different analysis platforms, these implementations generally incur significant slowdown from taint propagation. Since a purely dynamic analysis cannot predict which instructions will operate on tainted values at runtime, programs have to be fully instrumented for taint propagation even when they never actually observe tainted values. We propose leveraging speculative optimizations to reduce slowdown on the peak performance of programs instrumented for DTA on a managed runtime capable of dynamic compilation. In this paper, we investigate how speculative optimizations can reduce the peak performance impact of taint propagation on programs executed on a managed runtime. We also explain how a managed runtime can implement DTA to be amenable to such optimizations. We implemented our ideas in TruffleTaint, a DTA platform which supports both dynamic languages like JavaScript and languages like C and C++ which are typically compiled statically. We evaluated TruffleTaint on several benchmarks from the popular Computer Language Benchmarks Game and SPECint 2017 benchmark suites. Our evaluation shows that TruffleTaint is often able to avoid slowdown entirely when programs do not operate on tainted data, and that it exhibits slowdown of on average g1/42.10x and up to g1/45.52x when they do, which is comparable to state-of-the-art taint analysis platforms optimized for performance.

Original language	English
Title of host publication	MPLR 2021
Subtitle of host publication	Proceedings of the 18th ACM SIGPLAN International Conference on Managed Programming Languages and Runtimes
Editors	Herbert Kuchen, Singer Jeremy
Publisher	Association for Computing Machinery, Inc
Pages	70-87
Number of pages	18
ISBN (Electronic)	9781450386753
DOIs	https://doi.org/10.1145/3475738.3480939
Publication status	Published - 2021
Externally published	Yes
Event	18th ACM SIGPLAN International Conference on Managed Programming Languages and Runtimes, MPLR 2021 - Virtual, Online, Germany Duration: 29 Sept 2021 → 30 Sept 2021

Conference

Conference	18th ACM SIGPLAN International Conference on Managed Programming Languages and Runtimes, MPLR 2021
Country/Territory	Germany
City	Virtual, Online
Period	29/09/21 → 30/09/21

Funding

This research project was partially funded by Oracle Labs. We thank all members of the Virtual Machine Research Group at Oracle Labs. Oracle, Java, GraalVM, and HotSpot are trademarks or registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners. We also thank all researchers at the Johannes Kepler University Linz’s Institute for System Software for their support of and feedback on our work.

Funders
Oracle Labs

Access to Document

10.1145/3475738.3480939

Persistent URL (handle)

Persistent link

Cite this

Kreindl, J., Bonetta, D., Stadler, L., Leopoldseder, D., & Mössenböck, H. (2021). Low-overhead multi-language dynamic taint analysis on managed runtimes through speculative optimization. In H. Kuchen, & S. Jeremy (Eds.), MPLR 2021: Proceedings of the 18th ACM SIGPLAN International Conference on Managed Programming Languages and Runtimes (pp. 70-87). Association for Computing Machinery, Inc. https://doi.org/10.1145/3475738.3480939

Kreindl, Jacob ; Bonetta, Daniele ; Stadler, Lukas et al. / Low-overhead multi-language dynamic taint analysis on managed runtimes through speculative optimization. MPLR 2021: Proceedings of the 18th ACM SIGPLAN International Conference on Managed Programming Languages and Runtimes. editor / Herbert Kuchen ; Singer Jeremy. Association for Computing Machinery, Inc, 2021. pp. 70-87

@inproceedings{79b930051dba4eee9cbf94efa00541b8,

title = "Low-overhead multi-language dynamic taint analysis on managed runtimes through speculative optimization",

abstract = "Dynamic taint analysis (DTA) is a popular program analysis technique with applications to diverse fields such as software vulnerability detection and reverse engineering. It consists of marking sensitive data as tainted and tracking its propagation at runtime. While DTA has been implemented on top of many different analysis platforms, these implementations generally incur significant slowdown from taint propagation. Since a purely dynamic analysis cannot predict which instructions will operate on tainted values at runtime, programs have to be fully instrumented for taint propagation even when they never actually observe tainted values. We propose leveraging speculative optimizations to reduce slowdown on the peak performance of programs instrumented for DTA on a managed runtime capable of dynamic compilation. In this paper, we investigate how speculative optimizations can reduce the peak performance impact of taint propagation on programs executed on a managed runtime. We also explain how a managed runtime can implement DTA to be amenable to such optimizations. We implemented our ideas in TruffleTaint, a DTA platform which supports both dynamic languages like JavaScript and languages like C and C++ which are typically compiled statically. We evaluated TruffleTaint on several benchmarks from the popular Computer Language Benchmarks Game and SPECint 2017 benchmark suites. Our evaluation shows that TruffleTaint is often able to avoid slowdown entirely when programs do not operate on tainted data, and that it exhibits slowdown of on average g1/42.10x and up to g1/45.52x when they do, which is comparable to state-of-the-art taint analysis platforms optimized for performance.",

author = "Jacob Kreindl and Daniele Bonetta and Lukas Stadler and David Leopoldseder and Hanspeter M{\"o}ssenb{\"o}ck",

year = "2021",

doi = "10.1145/3475738.3480939",

language = "English",

pages = "70--87",

editor = "Herbert Kuchen and Singer Jeremy",

booktitle = "MPLR 2021",

publisher = "Association for Computing Machinery, Inc",

note = "18th ACM SIGPLAN International Conference on Managed Programming Languages and Runtimes, MPLR 2021 ; Conference date: 29-09-2021 Through 30-09-2021",

}

Kreindl, J, Bonetta, D, Stadler, L, Leopoldseder, D & Mössenböck, H 2021, Low-overhead multi-language dynamic taint analysis on managed runtimes through speculative optimization. in H Kuchen & S Jeremy (eds), MPLR 2021: Proceedings of the 18th ACM SIGPLAN International Conference on Managed Programming Languages and Runtimes. Association for Computing Machinery, Inc, pp. 70-87, 18th ACM SIGPLAN International Conference on Managed Programming Languages and Runtimes, MPLR 2021, Virtual, Online, Germany, 29/09/21. https://doi.org/10.1145/3475738.3480939

Low-overhead multi-language dynamic taint analysis on managed runtimes through speculative optimization. / Kreindl, Jacob; Bonetta, Daniele; Stadler, Lukas et al.
MPLR 2021: Proceedings of the 18th ACM SIGPLAN International Conference on Managed Programming Languages and Runtimes. ed. / Herbert Kuchen; Singer Jeremy. Association for Computing Machinery, Inc, 2021. p. 70-87.

Research output: Chapter in Book / Report / Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - Low-overhead multi-language dynamic taint analysis on managed runtimes through speculative optimization

AU - Kreindl, Jacob

AU - Bonetta, Daniele

AU - Stadler, Lukas

AU - Leopoldseder, David

AU - Mössenböck, Hanspeter

PY - 2021

Y1 - 2021

N2 - Dynamic taint analysis (DTA) is a popular program analysis technique with applications to diverse fields such as software vulnerability detection and reverse engineering. It consists of marking sensitive data as tainted and tracking its propagation at runtime. While DTA has been implemented on top of many different analysis platforms, these implementations generally incur significant slowdown from taint propagation. Since a purely dynamic analysis cannot predict which instructions will operate on tainted values at runtime, programs have to be fully instrumented for taint propagation even when they never actually observe tainted values. We propose leveraging speculative optimizations to reduce slowdown on the peak performance of programs instrumented for DTA on a managed runtime capable of dynamic compilation. In this paper, we investigate how speculative optimizations can reduce the peak performance impact of taint propagation on programs executed on a managed runtime. We also explain how a managed runtime can implement DTA to be amenable to such optimizations. We implemented our ideas in TruffleTaint, a DTA platform which supports both dynamic languages like JavaScript and languages like C and C++ which are typically compiled statically. We evaluated TruffleTaint on several benchmarks from the popular Computer Language Benchmarks Game and SPECint 2017 benchmark suites. Our evaluation shows that TruffleTaint is often able to avoid slowdown entirely when programs do not operate on tainted data, and that it exhibits slowdown of on average g1/42.10x and up to g1/45.52x when they do, which is comparable to state-of-the-art taint analysis platforms optimized for performance.

AB - Dynamic taint analysis (DTA) is a popular program analysis technique with applications to diverse fields such as software vulnerability detection and reverse engineering. It consists of marking sensitive data as tainted and tracking its propagation at runtime. While DTA has been implemented on top of many different analysis platforms, these implementations generally incur significant slowdown from taint propagation. Since a purely dynamic analysis cannot predict which instructions will operate on tainted values at runtime, programs have to be fully instrumented for taint propagation even when they never actually observe tainted values. We propose leveraging speculative optimizations to reduce slowdown on the peak performance of programs instrumented for DTA on a managed runtime capable of dynamic compilation. In this paper, we investigate how speculative optimizations can reduce the peak performance impact of taint propagation on programs executed on a managed runtime. We also explain how a managed runtime can implement DTA to be amenable to such optimizations. We implemented our ideas in TruffleTaint, a DTA platform which supports both dynamic languages like JavaScript and languages like C and C++ which are typically compiled statically. We evaluated TruffleTaint on several benchmarks from the popular Computer Language Benchmarks Game and SPECint 2017 benchmark suites. Our evaluation shows that TruffleTaint is often able to avoid slowdown entirely when programs do not operate on tainted data, and that it exhibits slowdown of on average g1/42.10x and up to g1/45.52x when they do, which is comparable to state-of-the-art taint analysis platforms optimized for performance.

UR - https://www.scopus.com/pages/publications/85117490299

U2 - 10.1145/3475738.3480939

DO - 10.1145/3475738.3480939

M3 - Conference contribution

SP - 70

EP - 87

BT - MPLR 2021

A2 - Kuchen, Herbert

A2 - Jeremy, Singer

PB - Association for Computing Machinery, Inc

T2 - 18th ACM SIGPLAN International Conference on Managed Programming Languages and Runtimes, MPLR 2021

Y2 - 29 September 2021 through 30 September 2021

ER -

Kreindl J, Bonetta D, Stadler L, Leopoldseder D, Mössenböck H. Low-overhead multi-language dynamic taint analysis on managed runtimes through speculative optimization. In Kuchen H, Jeremy S, editors, MPLR 2021: Proceedings of the 18th ACM SIGPLAN International Conference on Managed Programming Languages and Runtimes. Association for Computing Machinery, Inc. 2021. p. 70-87 Epub 2021 Sept 29. doi: 10.1145/3475738.3480939

Low-overhead multi-language dynamic taint analysis on managed runtimes through speculative optimization

Abstract

Conference

Funding

Access to Document

Persistent URL (handle)

Other files and links

Fingerprint

Cite this