Taint Analysis Classification

  1. Explicit Analysis How taint propagates based on the data dependencies between variables.

  2. Implicit Analysis How taint propogates through condition instructions based on the control dependencies between variables.

Read more »

1. Tool Categories

Existing taint analysis tools can be divided into three categories.

a. Dynamic Taint Analysis

The first category of tools track the information flow from taint source to taint sink at runtime following the execution trace. Most of these dynamic analysis tools are built on the top of dynamic binary instrumentation (DBI) framework such as Pin and Valgrind. These tools dynamically insert analysis code into the target executable while the executable is running. Some other tools like PolyTracker work as an LLVM Pass that instruments taint tracking logic into the programs during compilation to perform taint analysis with lower overhead. Such tools always ship with their own compiler, for example, polybuild and polybuild++ of Tool PolyTracker. Given a specific input, the dynamic analysis tools will track how the taint is propagated along the executed path.

Read more »

1. Tool Categories

Existing taint analysis tools can be divided into three categories.

a. Dynamic Taint Analysis

The first category of tools track the information flow from taint source to taint sink at runtime following the execution trace. Most of these dynamic analysis tools are built on the top of dynamic binary instrumentation (DBI) framework such as Pin and Valgrind. These tools dynamically insert analysis code into the target executable while the executable is running. Some other tools like PolyTracker work as an LLVM Pass that instruments taint tracking logic into the programs during compilation to perform taint analysis with lower overhead. Such tools always ship with their own compiler, for example, polybuild and polybuild++ of Tool PolyTracker. Given a specific input, the dynamic analysis tools will track how the taint is propagated along the executed path.

Read more »

Good Examples: 1. http://iacoma.cs.uiuc.edu/iacoma-papers/ssp19.pdf 2. https://www.usenix.org/system/files/sec20spring_yan_prepub.pdf

Read more »

3 qualities of successful Ph.D. students: http://matt.might.net/articles/successful-phd-students/

10 reasons Ph.D. students fail: http://matt.might.net/articles/ways-to-fail-a-phd/

The Ph.D. Grind: https://www.goodreads.com/book/show/15731248-the-ph-d-grind

Faculty Job Search: https://pg.ucsd.edu/guo-faculty-job-search.pdf

Advance: https://pg.ucsd.edu/early-stage-PhD-advice.htm

SoK Paper: Oakland

Read more »
0%