TL;DR
The Taint Rabbit introduces a JIT-based approach with fast path generation for generic taint analysis, significantly reducing overhead and bridging the performance gap with specialized trackers.
Contribution
It presents a novel JIT and fast context switching technique for generic taint analysis, improving performance over existing methods.
Findings
Taint Rabbit achieves 1.7x overhead on benchmarks.
It outperforms Dytan's 237x overhead.
Bridges performance gap to specialized trackers.
Abstract
Generic taint analysis is a pivotal technique in software security. However, it suffers from staggeringly high overhead. In this paper, we explore the hypothesis whether just-in-time (JIT) generation of fast paths for tracking taint can enhance the performance. To this end, we present the Taint Rabbit, which supports highly customizable user-defined taint policies and combines a JIT with fast context switching. Our experimental results suggest that this combination outperforms notable existing implementations of generic taint analysis and bridges the performance gap to specialized trackers. For instance, Dytan incurs an average overhead of 237x, while the Taint Rabbit achieves 1.7x on the same set of benchmarks. This compares favorably to the 1.5x overhead delivered by the bitwise, non-generic, taint engine LibDFT.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Code & Models
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
