Iodine: Fast Dynamic Taint Tracking Using Rollback-free Optimistic Hybrid Analysis

Banerjee, Subarno; Devecsery, David; Chen, Peter M.; Narayanasamy, Satish

doi:10.1109/sp.2019.00043

Cited by 20 publications

(9 citation statements)

References 49 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…To aid validate this claim, we ran the same experiments but randomly sampled taint introduction based on various probabilities. For instance, on SPEC CPU, overall overhead is reduced to 12.5x from 22.4x when the odds of introducing taint is set to 1 25 .…”

Section: Resultsmentioning

confidence: 99%

See 1 more Smart Citation

The Taint Rabbit: Optimizing Generic Taint Analysis with Dynamic Fast Path Generation

Galea

Kroening

2020

Proceedings of the 15th ACM Asia Conference on Computer and Communications Security

View full text Add to dashboard Cite

Generic taint analysis is a pivotal technique in software security. However, it suffers from staggeringly high overhead. In this paper, we explore the hypothesis whether just-in-time (JIT) generation of fast paths for tracking taint can enhance the performance. To this end, we present the Taint Rabbit, which supports highly customizable user-defined taint policies and combines a JIT with fast context switching. Our experimental results suggest that this combination outperforms notable existing implementations of generic taint analysis and bridges the performance gap to specialized trackers. For instance, Dytan incurs an average overhead of 237x, while the Taint Rabbit achieves 1.7x on the same set of benchmarks. This compares favorably to the 1.5x overhead delivered by the bitwise, non-generic, taint engine LibDFT. CCS CONCEPTS • Security and privacy → Systems security; Software and application security;

show abstract

Section: Resultsmentioning

confidence: 99%

“…Iodine [1] also uses dynamic information to drive static analysis. Instrumentation is optimistically pruned such that it avoids rollbacks upon violations of likely runtime invariants.…”

Section: Related Workmentioning

confidence: 99%

The Taint Rabbit: Optimizing Generic Taint Analysis with Dynamic Fast Path Generation

Galea

Kroening

2020

Proceedings of the 15th ACM Asia Conference on Computer and Communications Security

View full text Add to dashboard Cite

show abstract

“…Taint analysis [ 12 ] are technologies to analyze program information flow to detect vulnerabilities or malware. Dynamic taint analysis has been applied to android systems [ 13 , 14 ]. For boosting taint analysis, Chen et al [ 15 ] used dynamic taint analysis with neural networks.…”

Section: Related Workmentioning

confidence: 99%

A Reverse Modification Method for Binary Code and Data

Duan

2022

Sensors

View full text Add to dashboard Cite

This paper reveals the hidden dangers of reverse data modifications on distributed software with network synchronization, during the era of 5G, which may occur in more important domains, such as telemedicine and automatic driving. We used pseudo-codes to formally elaborate the distributed software architectures and design patterns. It is necessary to deal with three challenges for the modification of binary code and data in the distributed software architectures: (1) the base virtual addresses of software objects are changed frequently for safety; (2) prior knowledge of the reverse is not considered; (3) system memory values of some target objects are changed with extreme speed. For this purpose, a novel reverse modification method for binary code and data is proposed. According to the knowledge-based rules, our method can manipulate physical data, sight data, animation data, etc., while the game synchronization mechanism cannot detect the changes. The implementation details of our method are presented using high-level programming languages (C++) and low-level programming languages (assembly), based on multiple snippets, so that readers can understand both the overall distributed software developments and the corresponding reverse processes. In particular, two network games are used for the demonstrations in this paper. The demonstration results show that our proposed methodology is efficient (as proved by formulas and practices) to manipulate the codes and data of distributed software using a synchronization mechanism.

show abstract

“…After that, the similar offline scheme StraightTaint is also proposed [26], and Wang et al also proposed another offline analysis method [27]. Recently, Banerjee et al proposed the new analysis tool Iodine [28], which can avoid the frequent rollbacks in the optimistic dynamic analysis. Most of the researches were based on dynamic binary instrumentation methods that are easily to be detected by the program being analyzed and may also have applicability problems, especially the fact that the target program is graphically intensive.…”

Section: Related Workmentioning

confidence: 99%

“…(11) Check and mark the loops in the traversed nodes. (12) end (13) else (14) Disassemble and parse block (15) while Get instruction ins from block successfully do (16) if ins is a system call instruction or has memory operations then (17) Mark block as abort (18) break (19) else if ins is a direct unconditional jump instruction then (20) Construct the node of target block, and push it to stack_dfs (21) break (22) else if ins is a conditional branch instruction then (23) Construct all successor nodes of block, and push them to stack_dfs (24) break (25) else if ins is an indirect branch instruction or other transfers then (26) Mark block as pending, and save the traversed nodes and execution paths (27) break (28) else if ins is the end_ins then (29) Mark block as the end (30) break (31) else (32) Save the parse result to block en we still need to reexecute part of the instructions in the paths to obtain the real execution path. For two possible…”

Section: Intercepting All Memory Reads and Writesmentioning

confidence: 99%

BAHK: Flexible Automated Binary Analysis Method with the Assistance of Hardware and System Kernel

Pan

Zhuang

Sun

2020

Security and Communication Networks

View full text Add to dashboard Cite

To protect core functions, applications often utilize the countermeasure techniques such as antidebugging to avoid analysis by outsiders, especially the malware. Dynamic binary instrumentation is commonly used in the analysis of binary programs. However, it can be easily detected and has stability and applicability problems as it involves program rewriting and just-in-time compilation. This paper proposes a new lightweight analysis method for binary programs with the assistance of hardware features and the operating system kernel, named BAHK, which can automatically analyze the target program by stealth and has wide applicability. With the support of underlying infrastructures, this paper designs several optimization strategies and specific analysis approaches at instruction level to reduce the impact of fine-grained analysis on the performance of target program so that it can be well applied in practice. The experimental results show that the proposed method has good stealthiness, low memory consumption, and positive user experience. In some cases, it shows better analysis performance than the traditional dynamic binary instrumentation method. Finally, the real case studies further show its feasibility and effectiveness.

show abstract

Iodine: Fast Dynamic Taint Tracking Using Rollback-free Optimistic Hybrid Analysis

Cited by 20 publications

References 49 publications

The Taint Rabbit: Optimizing Generic Taint Analysis with Dynamic Fast Path Generation

The Taint Rabbit: Optimizing Generic Taint Analysis with Dynamic Fast Path Generation

A Reverse Modification Method for Binary Code and Data

BAHK: Flexible Automated Binary Analysis Method with the Assistance of Hardware and System Kernel

Contact Info

Product

Resources

About