FlowWalker: A Fast and Precise Off-Line Taint Analysis Framework

Author

Baojiang Cui ; Fuwei Wang ; Tao Guo ; Guowei Dong ; Bing Zhao

Author_Institution

Sch. of Comput., Beijing Univ. of Posts & Telecommun., Beijing, China

fYear

2013

fDate

9-11 Sept. 2013

Firstpage

583

Lastpage

588

Abstract

This paper presents Flow Walker, a new dynamic taint analysis framework which focuses on eliminating the bottlenecks of the existing tools. The framework proposes a multi-taint-tag assemble level taint propagation strategy. Flow Walker separates taint tracking operations from execution with an off-line structure, uses memory-mapped file to enhance IO efficiency and processes taint paths during execution playback. Based on tainted path information, this paper presents a file format cognition algorithm. According to test data, the average program execution slowdown is less than seven times as original while the speed enhancement is about 15% compared to other cognate tools on Windows, and simple file formats are correctly partitioned with all constant fields extracted. Due to its efficiency and scalability, Flow Walker can be used in further security-related researches.

Keywords

security of data; system monitoring; FlowWalker; IO efficiency; Windows; dynamic taint analysis framework; execution playback; file format cognition algorithm; memory-mapped file; multitaint-tag assemble level taint propagation strategy; Arrays; Cognition; Context; Instruction sets; Instruments; Message systems; Registers; Taint analysis; binary instrumentation; format cognition;

fLanguage

English

Publisher

ieee

Conference_Titel

Emerging Intelligent Data and Web Technologies (EIDWT), 2013 Fourth International Conference on

Conference_Location

Xi´an

Print_ISBN

978-1-4799-2140-9

Type

conf

DOI

10.1109/EIDWT.2013.105

Filename

6631683