Minemu: The world's fastest taint tracker

Erik Bosman; Asia Slowinska; Herbert Bos

doi:10.1007/978-3-642-23644-0_1

Minemu: The world's fastest taint tracker

Erik Bosman^*, Asia Slowinska, Herbert Bos

^*Corresponding author for this work

Research output: Chapter in Book / Report / Conference proceeding › Conference contribution › Academic › peer-review

Abstract

Dynamic taint analysis is a powerful technique to detect memory corruption attacks. However, with typical overheads of an order of magnitude, current implementations are not suitable for most production systems. The research question we address in this paper is whether the slow-down is a fundamental speed barrier, or an artifact of bolting information flow tracking on emulators really not designed for it. In other words, we designed a new type of emulator from scratch with the goal of removing superfluous instructions to propagate taint. The results are very promising. The emulator, known as Minemu, incurs a slowdown of 1.5x-3x for real and complex applications and 2.4x for SPEC INT2006, while tracking taint at byte level granularity. Minemu's performance is significantly better than that of existing systems, despite the fact that we have not applied some of their optimizations yet. We believe that the new design may be suitable for certain classes of applications in production systems.

Original language	English
Title of host publication	Recent Advances in Intrusion Detection
Subtitle of host publication	14th International Symposium, RAID 2011, Menlo Park, CA, USA, September 20-21, 2011, Proceedings
Editors	Robin Sommer, Davide Balzarotti, Gregor Maier
Place of Publication	Berlin
Pages	1-20
Number of pages	20
ISBN (Electronic)	9783642236440
DOIs	https://doi.org/10.1007/978-3-642-23644-0_1
Publication status	Published - 2011
Event	14th International Symposium on Recent Advances in Intrusion Detection Systems, RAID 2011 - Menlo Park, CA, United States Duration: 20 Sept 2011 → 21 Sept 2011

Publication series

Name	Lecture Notes in Computer Science
Volume	6961
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	14th International Symposium on Recent Advances in Intrusion Detection Systems, RAID 2011
Country/Territory	United States
City	Menlo Park, CA
Period	20/09/11 → 21/09/11

Keywords

dynamic taint tracking
intrusion detection
JIT compilation

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

Access to Document

10.1007/978-3-642-23644-0_1

Handle.net

Persistent link

Cite this

Bosman, E., Slowinska, A., & Bos, H. (2011). Minemu: The world's fastest taint tracker. In R. Sommer, D. Balzarotti, & G. Maier (Eds.), Recent Advances in Intrusion Detection: 14th International Symposium, RAID 2011, Menlo Park, CA, USA, September 20-21, 2011, Proceedings (pp. 1-20). (Lecture Notes in Computer Science; Vol. 6961).. https://doi.org/10.1007/978-3-642-23644-0_1

@inproceedings{2024160930bb48d091c28135a1ac16f2,

title = "Minemu: The world's fastest taint tracker",

abstract = "Dynamic taint analysis is a powerful technique to detect memory corruption attacks. However, with typical overheads of an order of magnitude, current implementations are not suitable for most production systems. The research question we address in this paper is whether the slow-down is a fundamental speed barrier, or an artifact of bolting information flow tracking on emulators really not designed for it. In other words, we designed a new type of emulator from scratch with the goal of removing superfluous instructions to propagate taint. The results are very promising. The emulator, known as Minemu, incurs a slowdown of 1.5x-3x for real and complex applications and 2.4x for SPEC INT2006, while tracking taint at byte level granularity. Minemu's performance is significantly better than that of existing systems, despite the fact that we have not applied some of their optimizations yet. We believe that the new design may be suitable for certain classes of applications in production systems.",

keywords = "dynamic taint tracking, intrusion detection, JIT compilation",

author = "Erik Bosman and Asia Slowinska and Herbert Bos",

year = "2011",

doi = "10.1007/978-3-642-23644-0_1",

language = "English",

isbn = "9783642236433",

series = "Lecture Notes in Computer Science",

pages = "1--20",

editor = "Robin Sommer and Davide Balzarotti and Gregor Maier",

booktitle = "Recent Advances in Intrusion Detection",

note = "14th International Symposium on Recent Advances in Intrusion Detection Systems, RAID 2011 ; Conference date: 20-09-2011 Through 21-09-2011",

}

Bosman, E, Slowinska, A & Bos, H 2011, Minemu: The world's fastest taint tracker. in R Sommer, D Balzarotti & G Maier (eds), Recent Advances in Intrusion Detection: 14th International Symposium, RAID 2011, Menlo Park, CA, USA, September 20-21, 2011, Proceedings. Lecture Notes in Computer Science, vol. 6961, Berlin, pp. 1-20, 14th International Symposium on Recent Advances in Intrusion Detection Systems, RAID 2011, Menlo Park, CA, United States, 20/09/11. https://doi.org/10.1007/978-3-642-23644-0_1

Minemu: The world's fastest taint tracker. / Bosman, Erik; Slowinska, Asia; Bos, Herbert.
Recent Advances in Intrusion Detection: 14th International Symposium, RAID 2011, Menlo Park, CA, USA, September 20-21, 2011, Proceedings. ed. / Robin Sommer; Davide Balzarotti; Gregor Maier. Berlin, 2011. p. 1-20 (Lecture Notes in Computer Science; Vol. 6961).

Research output: Chapter in Book / Report / Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - Minemu

T2 - 14th International Symposium on Recent Advances in Intrusion Detection Systems, RAID 2011

AU - Bosman, Erik

AU - Slowinska, Asia

AU - Bos, Herbert

PY - 2011

Y1 - 2011

N2 - Dynamic taint analysis is a powerful technique to detect memory corruption attacks. However, with typical overheads of an order of magnitude, current implementations are not suitable for most production systems. The research question we address in this paper is whether the slow-down is a fundamental speed barrier, or an artifact of bolting information flow tracking on emulators really not designed for it. In other words, we designed a new type of emulator from scratch with the goal of removing superfluous instructions to propagate taint. The results are very promising. The emulator, known as Minemu, incurs a slowdown of 1.5x-3x for real and complex applications and 2.4x for SPEC INT2006, while tracking taint at byte level granularity. Minemu's performance is significantly better than that of existing systems, despite the fact that we have not applied some of their optimizations yet. We believe that the new design may be suitable for certain classes of applications in production systems.

AB - Dynamic taint analysis is a powerful technique to detect memory corruption attacks. However, with typical overheads of an order of magnitude, current implementations are not suitable for most production systems. The research question we address in this paper is whether the slow-down is a fundamental speed barrier, or an artifact of bolting information flow tracking on emulators really not designed for it. In other words, we designed a new type of emulator from scratch with the goal of removing superfluous instructions to propagate taint. The results are very promising. The emulator, known as Minemu, incurs a slowdown of 1.5x-3x for real and complex applications and 2.4x for SPEC INT2006, while tracking taint at byte level granularity. Minemu's performance is significantly better than that of existing systems, despite the fact that we have not applied some of their optimizations yet. We believe that the new design may be suitable for certain classes of applications in production systems.

KW - dynamic taint tracking

KW - intrusion detection

KW - JIT compilation

UR - http://www.scopus.com/inward/record.url?scp=84857284621&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84857284621&partnerID=8YFLogxK

U2 - 10.1007/978-3-642-23644-0_1

DO - 10.1007/978-3-642-23644-0_1

M3 - Conference contribution

SN - 9783642236433

T3 - Lecture Notes in Computer Science

SP - 1

EP - 20

BT - Recent Advances in Intrusion Detection

A2 - Sommer, Robin

A2 - Balzarotti, Davide

A2 - Maier, Gregor

CY - Berlin

Y2 - 20 September 2011 through 21 September 2011

ER -

Minemu: The world's fastest taint tracker

Abstract

Publication series

Conference

Keywords

UN SDGs

Access to Document

Handle.net

Other files and links

Fingerprint

Cite this