Minemu: The world's fastest taint tracker

Erik Bosman*, Asia Slowinska, Herbert Bos

*Corresponding author for this work

Research output: Chapter in Book / Report / Conference proceeding › Conference contribution › Academic › peer-review

Abstract

Dynamic taint analysis is a powerful technique to detect memory corruption attacks. However, with typical overheads of an order of magnitude, current implementations are not suitable for most production systems. The research question we address in this paper is whether the slow-down is a fundamental speed barrier, or an artifact of bolting information flow tracking on emulators really not designed for it. In other words, we designed a new type of emulator from scratch with the goal of removing superfluous instructions to propagate taint. The results are very promising. The emulator, known as Minemu, incurs a slowdown of 1.5x-3x for real and complex applications and 2.4x for SPEC INT2006, while tracking taint at byte level granularity. Minemu's performance is significantly better than that of existing systems, despite the fact that we have not applied some of their optimizations yet. We believe that the new design may be suitable for certain classes of applications in production systems.

Original language: English
Title of host publication: Recent Advances in Intrusion Detection
Subtitle of host publication: 14th International Symposium, RAID 2011, Menlo Park, CA, USA, September 20-21, 2011, Proceedings
Editors: Robin Sommer, Davide Balzarotti, Gregor Maier
Place of Publication: Berlin
Pages: 1-20
Number of pages: 20
ISBN (Electronic): 9783642236440
Publication status: Published - 2011
Event: 14th International Symposium on Recent Advances in Intrusion Detection Systems, RAID 2011 - Menlo Park, CA, United States
Duration: 20 Sept 2011 to 21 Sept 2011

Publication series

Name: Lecture Notes in Computer Science
Volume: 6961
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: 14th International Symposium on Recent Advances in Intrusion Detection Systems, RAID 2011
Country/Territory: United States
City: Menlo Park, CA
Period: 20/09/11 to 21/09/11

Keywords

  • dynamic taint tracking
  • intrusion detection
  • JIT compilation
