Dynamic Taint Tracking using Partial Instrumentation for Java Applications
Manoj RameshChandra Thakur

TL;DR
This paper introduces a partial instrumentation approach to dynamic taint tracking in Java applications, significantly reducing runtime overhead by instrumenting only the methods that fall within the scope of a predefined source and sink set.
Contribution
It proposes a novel partial instrumentation technique at the method level, improving performance over complete instrumentation methods in dynamic taint tracking for Java.
Findings
Significant performance improvements over complete instrumentation.
Effective static analysis using PetaBlox and Datalog.
Successful application on DaCapo benchmarks.
Abstract
Dynamic taint tracking is the process of assigning labels to variables in a program and then tracking the flow of the labels as the program executes. Dynamic taint tracking for Java applications is achieved by instrumenting the application, i.e., adding a parallel variable for each actual variable of the program and inserting additional bytecode instructions to track the flow of the parallel variables. In this paper we suggest partial instrumentation to achieve dynamic taint tracking with reasonable runtime overhead. Partial instrumentation involves instrumenting only parts of a Java application, which are within the scope of a predefined source and sink set. Partial instrumentation is performed at the granularity level of a method. We use PetaBlox, a large-scale software analysis tool, which internally uses Datalog[3], to perform static analysis and infers all the methods within the scope of…
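The parallel-variable scheme the abstract describes, written out by hand as an added Java example (not code from the paper or from PetaBlox). All class and method names are hypothetical, and the third flow assumes that results of uninstrumented methods default to untainted.

```java
// Added illustration: hand-written view of what method-level instrumentation
// produces. All class and method names are hypothetical.
public class PartialTaintDemo {
    // Shadow slot carrying the label of the most recent instrumented return value.
    static boolean retTaint;

    // SOURCE (in scope): data entering here is labelled tainted.
    static String readParam(String raw) {
        retTaint = true;
        return raw;
    }

    // In scope: each variable gets a parallel taint variable; the result
    // label is the union of the operand labels.
    static String buildQuery(String name, boolean nameTaint) {
        String prefix = "name=";
        boolean prefixTaint = false;          // constants are untainted
        String query = prefix + name;
        retTaint = prefixTaint | nameTaint;
        return query;
    }

    // SINK (in scope): reports whether a labelled value arrived.
    static boolean sink(String query, boolean queryTaint) {
        return queryTaint;
    }

    // Out of scope: left uninstrumented, so no shadow variables and no
    // extra bytecode, but also no label for its result.
    static String normalize(String s) {
        return s.trim().toLowerCase();
    }

    public static void main(String[] args) {
        String name = readParam(" Constructed-Input ");   // constructed sample value
        boolean nameTaint = retTaint;

        String q1 = buildQuery(name, nameTaint);
        System.out.println("source -> buildQuery -> sink: " + sink(q1, retTaint));

        String q2 = buildQuery("fixed", false);
        System.out.println("constant -> buildQuery -> sink: " + sink(q2, retTaint));

        // The label cannot cross uninstrumented code. This sketch assumes such
        // results default to untainted, so this flow goes unreported.
        String cleaned = normalize(name);
        String q3 = buildQuery(cleaned, false);
        System.out.println("source -> normalize -> sink: " + sink(q3, retTaint));
    }
}
```

The third flow shows the cost of leaving a method on a source-to-sink path uninstrumented: the label is dropped and the sink sees untainted data.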
Taxonomy
Topics: Security and Verification in Computing · Software Testing and Debugging Techniques
