Towards efficient, multi-language dynamic taint analysis

Jacob Kreindl; Daniele Bonetta; Hanspeter Mössenböck

doi:10.1145/3357390.3361028

Towards efficient, multi-language dynamic taint analysis

Jacob Kreindl, Daniele Bonetta, Hanspeter Mössenböck

Research output: Chapter in Book / Report / Conference proceeding › Conference contribution › Academic › peer-review

Abstract

Dynamic taint analysis is a program analysis technique in which data is marked and its propagation is tracked while the program is executing. It is applied to solve problems in many fields, especially in software security. Current taint analysis platforms are limited to a single programming language, and therefore cannot support programs which, as is common today, are implemented in multiple programming languages. Current implementations of dynamic taint analysis also incur a significant performance overhead. In this paper we address both these limitations (1) by presenting our vision of a multi-language dynamic taint analysis platform, which is built around a language-Agnostic core framework that is extended by language-specific frontends and (2) by discussing the use of speculative optimization and dynamic compilation to reduce the execution overhead of dynamic taint analysis applications. An implementation of such a platformwould enable dynamic taint analyses that can target multiple languages in one analysis implementation and can track tainted data across language boundaries. We describe this approach in the context of the GraalVM runtime and its included JIT compiler, Graal, which allows us to target both dynamic and static languages. c 2019 Copyright held by the owner/author(s). Publication rights licensed to ACM.

Original language	English
Title of host publication	MPLR 2019 - Proceedings of the 16th ACM SIGPLAN International Conference on Managed Programming Languages and Runtimes, co-located with SPLASH 2019
Editors	A. Hosking, I. Finocchi
Publisher	Association for Computing Machinery, Inc
Pages	85-94
ISBN (Electronic)	9781450369770
DOIs	https://doi.org/10.1145/3357390.3361028
Publication status	Published - 21 Oct 2019
Externally published	Yes
Event	16th ACM SIGPLAN International Conference on Managed Programming Languages and Runtimes, MPLR 2019, co-located with SPLASH 2019 - Athens, Greece Duration: 21 Oct 2019 → 22 Oct 2019

Conference

Conference	16th ACM SIGPLAN International Conference on Managed Programming Languages and Runtimes, MPLR 2019, co-located with SPLASH 2019
Country/Territory	Greece
City	Athens
Period	21/10/19 → 22/10/19

Funding

∗This research project is partially funded by Oracle Labs.

Funders	Funder number
Oracle

Access to Document

10.1145/3357390.3361028

Persistent URL (handle)

Persistent link

Cite this

Kreindl, J., Bonetta, D., & Mössenböck, H. (2019). Towards efficient, multi-language dynamic taint analysis. In A. Hosking, & I. Finocchi (Eds.), MPLR 2019 - Proceedings of the 16th ACM SIGPLAN International Conference on Managed Programming Languages and Runtimes, co-located with SPLASH 2019 (pp. 85-94). Association for Computing Machinery, Inc. https://doi.org/10.1145/3357390.3361028

@inproceedings{d88762099dc442a8b29830b7fb831704,

title = "Towards efficient, multi-language dynamic taint analysis",

abstract = "Dynamic taint analysis is a program analysis technique in which data is marked and its propagation is tracked while the program is executing. It is applied to solve problems in many fields, especially in software security. Current taint analysis platforms are limited to a single programming language, and therefore cannot support programs which, as is common today, are implemented in multiple programming languages. Current implementations of dynamic taint analysis also incur a significant performance overhead. In this paper we address both these limitations (1) by presenting our vision of a multi-language dynamic taint analysis platform, which is built around a language-Agnostic core framework that is extended by language-specific frontends and (2) by discussing the use of speculative optimization and dynamic compilation to reduce the execution overhead of dynamic taint analysis applications. An implementation of such a platformwould enable dynamic taint analyses that can target multiple languages in one analysis implementation and can track tainted data across language boundaries. We describe this approach in the context of the GraalVM runtime and its included JIT compiler, Graal, which allows us to target both dynamic and static languages. c 2019 Copyright held by the owner/author(s). Publication rights licensed to ACM.",

author = "Jacob Kreindl and Daniele Bonetta and Hanspeter M{\"o}ssenb{\"o}ck",

year = "2019",

month = oct,

day = "21",

doi = "10.1145/3357390.3361028",

language = "English",

pages = "85--94",

editor = "A. Hosking and I. Finocchi",

booktitle = "MPLR 2019 - Proceedings of the 16th ACM SIGPLAN International Conference on Managed Programming Languages and Runtimes, co-located with SPLASH 2019",

publisher = "Association for Computing Machinery, Inc",

note = "16th ACM SIGPLAN International Conference on Managed Programming Languages and Runtimes, MPLR 2019, co-located with SPLASH 2019 ; Conference date: 21-10-2019 Through 22-10-2019",

}

Kreindl, J, Bonetta, D & Mössenböck, H 2019, Towards efficient, multi-language dynamic taint analysis. in A Hosking & I Finocchi (eds), MPLR 2019 - Proceedings of the 16th ACM SIGPLAN International Conference on Managed Programming Languages and Runtimes, co-located with SPLASH 2019. Association for Computing Machinery, Inc, pp. 85-94, 16th ACM SIGPLAN International Conference on Managed Programming Languages and Runtimes, MPLR 2019, co-located with SPLASH 2019, Athens, Greece, 21/10/19. https://doi.org/10.1145/3357390.3361028

Towards efficient, multi-language dynamic taint analysis. / Kreindl, Jacob; Bonetta, Daniele; Mössenböck, Hanspeter.
MPLR 2019 - Proceedings of the 16th ACM SIGPLAN International Conference on Managed Programming Languages and Runtimes, co-located with SPLASH 2019. ed. / A. Hosking; I. Finocchi. Association for Computing Machinery, Inc, 2019. p. 85-94.

Research output: Chapter in Book / Report / Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - Towards efficient, multi-language dynamic taint analysis

AU - Kreindl, Jacob

AU - Bonetta, Daniele

AU - Mössenböck, Hanspeter

PY - 2019/10/21

Y1 - 2019/10/21

N2 - Dynamic taint analysis is a program analysis technique in which data is marked and its propagation is tracked while the program is executing. It is applied to solve problems in many fields, especially in software security. Current taint analysis platforms are limited to a single programming language, and therefore cannot support programs which, as is common today, are implemented in multiple programming languages. Current implementations of dynamic taint analysis also incur a significant performance overhead. In this paper we address both these limitations (1) by presenting our vision of a multi-language dynamic taint analysis platform, which is built around a language-Agnostic core framework that is extended by language-specific frontends and (2) by discussing the use of speculative optimization and dynamic compilation to reduce the execution overhead of dynamic taint analysis applications. An implementation of such a platformwould enable dynamic taint analyses that can target multiple languages in one analysis implementation and can track tainted data across language boundaries. We describe this approach in the context of the GraalVM runtime and its included JIT compiler, Graal, which allows us to target both dynamic and static languages. c 2019 Copyright held by the owner/author(s). Publication rights licensed to ACM.

AB - Dynamic taint analysis is a program analysis technique in which data is marked and its propagation is tracked while the program is executing. It is applied to solve problems in many fields, especially in software security. Current taint analysis platforms are limited to a single programming language, and therefore cannot support programs which, as is common today, are implemented in multiple programming languages. Current implementations of dynamic taint analysis also incur a significant performance overhead. In this paper we address both these limitations (1) by presenting our vision of a multi-language dynamic taint analysis platform, which is built around a language-Agnostic core framework that is extended by language-specific frontends and (2) by discussing the use of speculative optimization and dynamic compilation to reduce the execution overhead of dynamic taint analysis applications. An implementation of such a platformwould enable dynamic taint analyses that can target multiple languages in one analysis implementation and can track tainted data across language boundaries. We describe this approach in the context of the GraalVM runtime and its included JIT compiler, Graal, which allows us to target both dynamic and static languages. c 2019 Copyright held by the owner/author(s). Publication rights licensed to ACM.

UR - http://www.scopus.com/inward/record.url?scp=85076689448&partnerID=8YFLogxK

U2 - 10.1145/3357390.3361028

DO - 10.1145/3357390.3361028

M3 - Conference contribution

SP - 85

EP - 94

BT - MPLR 2019 - Proceedings of the 16th ACM SIGPLAN International Conference on Managed Programming Languages and Runtimes, co-located with SPLASH 2019

A2 - Hosking, A.

A2 - Finocchi, I.

PB - Association for Computing Machinery, Inc

T2 - 16th ACM SIGPLAN International Conference on Managed Programming Languages and Runtimes, MPLR 2019, co-located with SPLASH 2019

Y2 - 21 October 2019 through 22 October 2019

ER -

Towards efficient, multi-language dynamic taint analysis

Abstract

Conference

Funding

Access to Document

Persistent URL (handle)

Other files and links

Fingerprint

Cite this