Dynamic taint tracking is a program analysis that traces the flow of information through a program. In the Java virtual machine (JVM), there are two prominent approaches for dynamic taint tracking: “shadowing” and “mirroring”. Shadowing is able to precisely track information flows, but is also prone to disrupting the semantics of the program under analysis. Mirroring is better able to preserve program semantics, but often inaccurate. The limitations of these approaches are further exacerbated by features introduced in the latest Java versions. In this paper, we propose Galette, an approach for dynamic taint tracking in the JVM that combines aspects of both shadowing and mirroring to provide precise, robust taint tag propagation in modern JVMs. On a benchmark suite of 3,451 synthetic Java programs, we found that Galette was able to propagate taint tags with perfect accuracy while preserving program semantics on all four active long-term support versions of Java. We also found that Galette’s runtime and memory overheads were competitive with that of two state-of-the-art dynamic taint tracking systems on a benchmark suite of twenty real-world Java programs.
Mon 23 JunDisplayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna change
14:00 - 15:20 | Program Analysis 1Industry Papers / Research Papers at Cosmos 3A Chair(s): Shiyi Wei University of Texas at Dallas | ||
14:00 20mTalk | Dynamic Taint Tracking for Modern Java Virtual Machines Research Papers DOI | ||
14:20 20mTalk | HapTest: The Dynamic Analysis Framework for OpenHarmony Industry Papers Farong Liu Beihang University, Mingyi Zhou Beihang University, Yakun Zhang Peking University, Ting Su East China Normal University, Bo Sun Huawei, Jacques Klein University of Luxembourg, Xiang Gao Beihang University, Li Li Beihang University | ||
14:40 20mTalk | An Empirical Study of Suppressed Static Analysis Warnings Research Papers Huimin Hu University of Stuttgart, Yingying Wang University of British Columbia, Julia Rubin The University of British Columbia, Michael Pradel University of Stuttgart DOI | ||
15:00 20mTalk | A New Approach to Evaluating Nullability Inference Tools Research Papers Nima Karimipour University of California, Riverside, Erfan Arvan New Jersey Institute of Technology, Martin Kellogg New Jersey Institute of Technology, Manu Sridharan University of California at Riverside DOI | ||
Cosmos 3A is the first room in the Cosmos 3 wing.
When facing the main Cosmos Hall, access to the Cosmos 3 wing is on the left, close to the stairs. The area is accessed through a large door with the number “3”, which will stay open during the event.