Statically-Directed Dynamic Taint Analysis
Graphical Abstract
Abstract
Taint analysis is a widely used technique in software analysis, including vulnerability and malware analysis. By identifying taint sources and defining suitable taint propagation rules, we can determine directly whether a variable in the program depends on input data. Static taint analysis is efficient, but it is imprecise because runtime information is unavailable. Dynamic taint analysis usually instruments every instruction in the program to observe the taint propagation process; this is inefficient, since a great deal of time is spent on context switches between the original code and the instrumentation code. In this paper, we propose a statically-directed dynamic taint analysis method that increases the efficiency of taint analysis without any loss of accuracy: static analysis first determines which instructions need to be instrumented, so there is no need to instrument every instruction. Several experiments were performed on our prototype, SDTaint, and the results show that our method is several times more efficient than traditional dynamic taint analysis.
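The following is an added toy model of the idea described above; it is illustration code written for this page, not code from the paper or from the SDTaint prototype, and the three-address IR, the flow-insensitive static pass and the sample program are all assumptions made here. It runs the same program under two dynamic trackers: one that calls the taint-propagation hook on every executed instruction (traditional dynamic taint analysis) and one that calls it only on the instructions a static pass marked as able to change or observe taint state. Both must report identical taint at every sink; the directed tracker invokes the hook far fewer times because the clean loop is never hooked. Note the caveat in `select_instrumented`: clean redefinitions (kills) of a may-tainted variable must still be hooked, or stale taint would make the directed run less accurate than the full one.

```python
"""Toy model of statically-directed dynamic taint tracking (added example,
not the paper's or SDTaint's code)."""
from dataclasses import dataclass, field

# Assumed three-address IR:
#   ("input", dst)           reads attacker-controlled data (taint source)
#   ("const", dst, value)    clean definition; kills taint on dst
#   ("add", dst, src1, src2)
#   ("mov", dst, src)
#   ("jnz", src, target)     jump to index `target` if src != 0
#   ("sink", src)            taint sink, e.g. a length handed to memcpy


def static_may_taint(prog):
    """Flow-insensitive fixpoint: variables that may carry taint on some path
    (an over-approximation; it never misses a tainted variable)."""
    may = set()
    changed = True
    while changed:
        changed = False
        for ins in prog:
            op = ins[0]
            if op == "input":
                new = {ins[1]}
            elif op in ("add", "mov") and any(s in may for s in ins[2:]):
                new = {ins[1]}
            else:
                new = set()
            if not new <= may:
                may |= new
                changed = True
    return may


def select_instrumented(prog, may):
    """Indices the dynamic tracker must hook: sources, every definition of a
    may-tainted variable (including clean `const` kills, which must clear stale
    taint), and sinks that read a may-tainted variable. Branches carry no taint
    in this model, so they are never hooked."""
    hooked = set()
    for i, ins in enumerate(prog):
        op = ins[0]
        if op == "input":
            hooked.add(i)
        elif op in ("const", "add", "mov") and ins[1] in may:
            hooked.add(i)
        elif op == "sink" and ins[1] in may:
            hooked.add(i)
    return hooked


@dataclass
class Run:
    values: dict = field(default_factory=dict)
    taint: dict = field(default_factory=dict)      # var -> bool
    hook_calls: int = 0
    sink_tainted: list = field(default_factory=list)


def propagate(run, ins):
    """Taint propagation rules; this hook is the costly instrumentation."""
    run.hook_calls += 1
    op = ins[0]
    if op == "input":
        run.taint[ins[1]] = True
    elif op == "const":
        run.taint[ins[1]] = False
    elif op in ("add", "mov"):
        run.taint[ins[1]] = any(run.taint.get(s, False) for s in ins[2:])
    elif op == "sink":
        run.sink_tainted.append(run.taint.get(ins[1], False))


def execute(prog, inputs, hooked=None):
    """Interpret prog. hooked=None hooks every instruction (traditional DTA);
    otherwise only the given indices are hooked (statically directed)."""
    run, inputs, pc = Run(), list(inputs), 0
    while pc < len(prog):
        ins, op = prog[pc], prog[pc][0]
        if hooked is None or pc in hooked:
            propagate(run, ins)
        elif op == "sink":
            run.sink_tainted.append(False)  # statically proven clean
        if op == "input":
            run.values[ins[1]] = inputs.pop(0)
        elif op == "const":
            run.values[ins[1]] = ins[2]
        elif op == "add":
            run.values[ins[1]] = run.values[ins[2]] + run.values[ins[3]]
        elif op == "mov":
            run.values[ins[1]] = run.values[ins[2]]
        elif op == "jnz" and run.values[ins[1]] != 0:
            pc = ins[2]
            continue
        pc += 1
    return run


# Constructed sample program: a clean counter loop, then a tainted length that
# is copied, killed by a constant, and finally recomputed from the input.
PROG = [
    ("input", "len"),               # 0  source
    ("const", "i", 0),              # 1
    ("const", "one", 1),            # 2
    ("const", "neg", -5),           # 3
    ("const", "pad", 0),            # 4
    ("mov", "tmp", "i"),            # 5  clean loop body, runs 5 times
    ("add", "i", "i", "one"),       # 6
    ("add", "cmp", "i", "neg"),     # 7  cmp = i - 5
    ("jnz", "cmp", 5),              # 8  loop while i != 5
    ("mov", "copy", "len"),         # 9  tainted
    ("const", "copy", 0),           # 10 kill: copy is clean again
    ("sink", "copy"),               # 11 must report clean
    ("add", "size", "len", "one"),  # 12 tainted
    ("sink", "size"),               # 13 must report tainted
    ("sink", "i"),                  # 14 never tainted, not hooked
]


def compare(prog, inputs):
    """Run both trackers and check they agree at every sink."""
    hooked = select_instrumented(prog, static_may_taint(prog))
    full = execute(prog, inputs)
    directed = execute(prog, inputs, hooked)
    assert full.sink_tainted == directed.sink_tainted
    return {"full_hooks": full.hook_calls,
            "directed_hooks": directed.hook_calls,
            "sinks": directed.sink_tainted,
            "hooked": sorted(hooked)}


if __name__ == "__main__":
    print(compare(PROG, [0x41]))
```

With the sample program, the full tracker hooks all 31 executed instructions while the directed tracker hooks 6, and both report the sinks as clean, tainted, clean. The real paper works on binaries rather than this IR, and the static pass there must also account for memory and control-flow effects that this model omits.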