All You Ever Wanted to Know about Dynamic Taint Analysis and Forward Symbolic Execution (but Might Have Been Afraid to Ask)
- 1 January 2010
- conference paper
- Published by Institute of Electrical and Electronics Engineers (IEEE)
- p. 317-331
- https://doi.org/10.1109/sp.2010.26
Abstract
Dynamic taint analysis and forward symbolic execution are quickly becoming staple techniques in security analyses. Example applications of dynamic taint analysis and forward symbolic execution include malware analysis, input filter generation, test case generation, and vulnerability discovery. Despite the widespread usage of these two techniques, there has been little effort to formally define the algorithms and summarize the critical issues that arise when these techniques are used in typical security contexts. The contributions of this paper are two-fold. First, we precisely describe the algorithms for dynamic taint analysis and forward symbolic execution as extensions to the run-time semantics of a general language. Second, we highlight important implementation choices, common pitfalls, and considerations when using these techniques in a security context.
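The abstract describes both techniques as extensions of a language's run-time semantics. The example below is added here to make that concrete and is not code from the paper or from any tool it surveys: a small interpreter for a constructed intermediate language is run once with values carrying taint bits and once with symbolic values and a forked path predicate. The IL, the two sample programs (HIJACK and BRANCHY), the `taint_addr` policy switch, and the alert on a tainted jump target are all this example's own assumptions, chosen to show two of the implementation choices the abstract alludes to: whether taint flows through pointers, and how symbolic memory addresses and path explosion are handled.

```python
"""Toy IL run two ways: dynamic taint analysis, then forward symbolic execution.
Constructed for this example; the IL is inspired by, not identical to, the paper's
SimpIL, and the programs and taint policies are this example's own assumptions.
Expr: ('const', v) | ('var', n) | ('input', n) | ('load', addr) | ('bin', op, l, r)
Stmt: ('assign', n, e) | ('store', addr, val) | ('jmp', tgt) | ('halt',)
    | ('cjmp', cond, then_label, else_label)      # comparisons yield 0/1
A program maps label -> statement list and starts at 'entry'."""
import operator

OPS = {'+': operator.add, '*': operator.mul,
       '<': lambda a, b: int(a < b), '==': lambda a, b: int(a == b)}

class TaintRun:
    """Dynamic taint analysis: every runtime value is a (concrete, tainted) pair."""
    def __init__(self, prog, inputs, taint_addr):
        self.prog, self.inputs, self.taint_addr = prog, inputs, taint_addr
        self.env, self.mem, self.alerts = {}, {}, []

    def ev(self, e):
        k = e[0]
        if k == 'const': return (e[1], False)
        if k == 'var': return self.env[e[1]]
        if k == 'input': return (self.inputs[e[1]], True)   # taint source
        if k == 'load':
            a, ta = self.ev(e[1]); v, tv = self.mem.get(a, (0, False))
            # Policy choice (assumed): does a tainted pointer taint what is read through it?
            return (v, tv or (self.taint_addr and ta))
        a, ta = self.ev(e[2]); b, tb = self.ev(e[3])
        return (OPS[e[1]](a, b), ta or tb)   # taint propagates through computation

    def run(self, max_steps=1000):
        label, pc = 'entry', 0
        for _ in range(max_steps):
            s = self.prog[label][pc]; pc += 1
            if s[0] == 'assign': self.env[s[1]] = self.ev(s[2])
            elif s[0] == 'store':
                a, ta = self.ev(s[1]); v, tv = self.ev(s[2])
                self.mem[a] = (v, tv or (self.taint_addr and ta))   # same policy on writes
            elif s[0] == 'cjmp':
                c, _ = self.ev(s[1]); label, pc = (s[2] if c else s[3]), 0
            elif s[0] == 'jmp':
                t, tt = self.ev(s[1])
                if tt: self.alerts.append('tainted jump target %r' % t)  # attack policy
                label, pc = t, 0
            else: return label, self.alerts   # halt: (final label, alerts)
        raise RuntimeError('step limit reached')

def is_sym(v): return isinstance(v, tuple)

def sym_eval(e, env, mem):
    """Symbolic evaluation: inputs become symbols, all-concrete subterms fold."""
    k = e[0]
    if k == 'const': return e[1]
    if k == 'var': return env[e[1]]
    if k == 'input': return ('sym', e[1])
    if k == 'load':
        a = sym_eval(e[1], env, mem)
        if is_sym(a): raise ValueError('symbolic address: concretize or use array theory')
        return mem.get(a, 0)
    a, b = sym_eval(e[2], env, mem), sym_eval(e[3], env, mem)
    return ('bin', e[1], a, b) if is_sym(a) or is_sym(b) else OPS[e[1]](a, b)

def sym_run(prog, max_paths=64):
    """Forward symbolic execution; returns [(path predicate, final symbolic env)]."""
    paths, work = [], [('entry', 0, {}, {}, [])]
    while work and len(paths) < max_paths:   # the bound guards against path explosion
        label, pc, env, mem, pred = work.pop()
        while True:
            s = prog[label][pc]; pc += 1
            if s[0] == 'assign': env = {**env, s[1]: sym_eval(s[2], env, mem)}
            elif s[0] == 'store':
                a = sym_eval(s[1], env, mem)
                if is_sym(a): raise ValueError('symbolic address: concretize or use array theory')
                mem = {**mem, a: sym_eval(s[2], env, mem)}
            elif s[0] == 'cjmp':
                c = sym_eval(s[1], env, mem)
                if not is_sym(c): label, pc = (s[2] if c else s[3]), 0; continue
                work.append((s[3], 0, env, mem, pred + [('bin', '==', c, 0)]))  # fork: else
                work.append((s[2], 0, env, mem, pred + [('bin', '==', c, 1)]))  # fork: then
                break
            elif s[0] == 'jmp': label, pc = sym_eval(s[1], env, mem), 0
            else: paths.append((pred, env)); break   # halt
    return paths

def satisfies(pred, inputs):
    """Check one concrete input against a path predicate (a solver would find one)."""
    def val(e):
        if not is_sym(e): return e
        return inputs[e[1]] if e[0] == 'sym' else OPS[e[1]](val(e[2]), val(e[3]))
    return all(val(c) == 1 for c in pred)

# Constructed programs. HIJACK: an input-controlled store can overwrite the code
# pointer kept at address 8. BRANCHY: two input-dependent branches, three paths.
HIJACK = {'entry': [('store', ('const', 8), ('const', 'ok')),
                    ('assign', 'n', ('input', 'n')),
                    ('store', ('bin', '+', ('const', 4), ('var', 'n')), ('const', 'evil')),
                    ('jmp', ('load', ('const', 8)))],
          'ok': [('halt',)], 'evil': [('halt',)]}
BRANCHY = {'entry': [('assign', 'x', ('input', 'x')),
                     ('assign', 'y', ('bin', '*', ('var', 'x'), ('const', 2))),
                     ('cjmp', ('bin', '<', ('var', 'y'), ('const', 10)), 'small', 'big')],
           'small': [('cjmp', ('bin', '==', ('var', 'x'), ('const', 3)), 'hit', 'miss')],
           'big': [('assign', 'r', ('const', 0)), ('halt',)],
           'hit': [('assign', 'r', ('const', 1)), ('halt',)],
           'miss': [('assign', 'r', ('const', 2)), ('halt',)]}
```

Running `TaintRun(HIJACK, {'n': 4}, False).run()` ends at `'evil'` with no alert: the attacker-controlled address selected the code-pointer slot, but the value written there was a constant, so a value-only policy undertaints and the hijacked jump goes unnoticed. With `taint_addr=True` the same run reports a tainted jump target; the price of that policy is more false positives on benign pointer arithmetic, which is the trade-off a taint policy must settle. `sym_run(BRANCHY)` returns three `(predicate, env)` pairs, one per feasible path; `satisfies` only checks a candidate input, and a real tool would hand each predicate to an SMT solver such as STP or Z3 to generate the test case. The `ValueError` on a symbolic address marks the point where such tools must either concretize the address or model memory with a theory of arrays.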