Write a Blog >>
Wed 12 Jul 2017 09:00 - 09:30 at Bren 1414 - ISSTA 2017 Impact Paper Award Chair(s): Andreas Zeller

ISSTA 2017 Impact Paper Award

Original abstract: Dynamic taint analysis is gaining momentum. Techniques based on dynamic tainting have been successfully used in the context of application security, and now their use is also being explored in different areas, such as program understanding, software testing, and debugging. Unfortunately, most existing approaches for dynamic tainting are defined in an ad-hoc manner, which makes it difficult to extend them, experiment with them, and adapt them to new contexts. Moreover, most existing approaches are focused on data-flow based tainting only and do not consider tainting due to control flow, which limits their applicability outside the security domain. To address these limitations and foster experimentation with dynamic tainting techniques, we defined and developed a general framework for dynamic tainting that (1) is highly flexible and customizable, (2) allows for performing both data-flow and control-flow based tainting conservatively, and (3) does not rely on any customized run-time system. We also present DYTAN, an implementation of our framework that works on x86 executables, and a set of preliminary studies that show how DYTAN can be used to implement different tainting-based approaches with limited effort. In the studies, we also show that DYTAN can be used on real software, by using FIREFOX as one of our subjects, and illustrate how the specific characteristics of the tainting approach used can affect efficiency and accuracy of the taint analysis, which further justifies the use of our framework to experiment with different variants of an approach.

Wed 12 Jul

Displayed time zone: Tijuana, Baja California change

09:00 - 09:30
ISSTA 2017 Impact Paper AwardAgenda at Bren 1414
Chair(s): Andreas Zeller Saarland University
ISSTA 2017 Impact Paper Award: Dytan: a generic dynamic taint analysis framework
James Clause University of Delaware, Wanchun Li , Alessandro Orso Georgia Tech
Link to publication DOI