Projects per year
Abstract
Dynamic taint analysis is a program analysis technique in which data is marked and its propagation is tracked while the program is executing. It is applied to solve problems in many fields, especially in software security. Current taint analysis platforms are limited to a single programming language, and therefore cannot support programs which, as is common today, are implemented in multiple programming languages. Current implementations of dynamic taint analysis also incur a significant performance overhead.
In this paper we address both these limitations (1) by presenting our vision of a multi-language dynamic taint analysis platform, which is built around a language-agnostic core framework that is extended by language-specific front-ends and (2) by discussing the use of speculative optimization and dynamic compilation to reduce the execution overhead of dynamic taint analysis applications. An implementation of such a platform would enable dynamic taint analyses that can target multiple languages in one analysis implementation and can track tainted data across language boundaries. We describe this approach in the context of the GraalVM runtime and its included JIT compiler, Graal, which allows us to target both dynamic and static languages.
| Original language | English |
|---|---|
| Title of host publication | MPLR 2019: Proceedings of the 16th ACM SIGPLAN International Conference on Managed Programming Languages and Runtimes |
| Publisher | ACM |
| Pages | 85-94 |
| Number of pages | 10 |
| DOIs | |
| Publication status | Published - Oct 2019 |
Fields of science
- 102 Computer Sciences
- 102009 Computer simulation
- 102011 Formal languages
- 102013 Human-computer interaction
- 102022 Software development
- 102024 Usability research
- 102029 Practical computer science
JKU Focus areas
- Digital Transformation
Projects
- 1 Active
-
Java VM Compiler Performance (Oracle)
Mössenböck, H. (PI)
01.01.2001 → 31.05.2025
Project: Contract research › Industry project