Minemu: The World's Fastest Taint Tracker
نویسندگان
چکیده
Dynamic taint analysis is a powerful technique to detect memory corruption attacks. However, with typical overheads of an order of magnitude, current implementations are not suitable for most production systems. The research question we address in this paper is whether the slow-down is a fundamental speed barrier, or an artifact of bolting information flow tracking on emulators really not designed for it? In other words, we designed a new type of emulator from scratch with the goal of removing superfluous instructions to propagate taint. The results are very promising. The emulator, known as Minemu, incurs a slowdown of 1.5x-3x for real and complex applications and 2.4 for SPEC INT2006, while tracking taint at byte level granularity. Minemu’s performance is significantly better than that of existing systems, despite the fact that we have not applied some of their optimizations yet. We believe that the new design may be suitable for certain classes of applications in production systems.
منابع مشابه
Vulnerability-Specific Execution Filtering with Log-Based Architecture Lifeguards
Instruction-grain dynamic monitoring tools can detect bugs and prevent security violations in executing programs. Traditionally, instructions from the monitoring tool are inserted into the currently executing program using well-established techniques such as binary rewriting, software-based emulation, or binary instrumentation in order to provide timely detection and possibly mitigation. Those ...
متن کاملDROIT: Dynamic Alternation of Dual-Level Tainting for Malware Analysis
Taint analysis for Android malware has received much attention in recent research. Existing taint techniques operate either at Java object level or at deeper instruction level. Object-level tracking is suitable for malware written in Java byte-code, but not for native ones. Instruction-level tracking captures the finest data flow. However, it leads to obscure semantic reconstruction and low per...
متن کاملTracking Moving Objects: A Comparative Study
Visual tracking is considered to be one of the most important challenges in computer vision with numerous applications such as object recognition and detection.Inthe present paper, four tracking techniques will be introduced circulant structure with kernels (CSK), Kernelized correlation filters (KCF), Adaptive color attributes (ACT), and distractor – awareness tracker (DAT) for the visual objec...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2011