2010 - All You Ever Wanted to Know About
Dynamic Taint Analysis and Forward Symbolic Execution
(but might have been afraid to ask)
Information
Dynamic Taint Analysis
Runs a program and observes which computations are affected by predefined taint sources such as user input.
Any program value whose computation depends on data derived from a taint source is considered tainted, while any other value is considered untainted.
Taint policy
Taint Checking
Taint status values are often used to determine the runtime behavior of a program, e.g., an attack detector may halt execution if a jump target address is tainted.
Problem
Undertainting
Dynamic taint analysis does not properly handle some types of information flow and misses some data flow that should be tainted.
Tainted Addresses
Memory operations involve two values: the address of the memory cell being referenced, and the value stored in that cell.
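The taint check and the tainted-address problem above, as an added Python example (not code from the paper or from this mind map). It shows a load policy that ignores address taint letting a user-indexed table lookup reach a jump unflagged, which is one form of undertainting. `TaintMachine`, `dispatch` and the table layout are assumptions made for illustration.

```python
from dataclasses import dataclass

class TaintedJump(Exception):
    """Raised by the taint check when a jump target is tainted."""

@dataclass(frozen=True)
class Val:
    v: int
    tainted: bool = False

class TaintMachine:
    def __init__(self, memory, taint_addresses):
        # memory maps address -> Val; taint_addresses selects the load policy.
        self.memory = dict(memory)
        self.taint_addresses = taint_addresses

    def source(self, v):
        # Taint source: anything read from user input starts out tainted.
        return Val(v, True)

    def add(self, a, b):
        # Propagation: the result is tainted if either operand is.
        return Val(a.v + b.v, a.tainted or b.tainted)

    def load(self, addr):
        # A load involves two values: the address and the cell it names.
        cell = self.memory[addr.v]
        t = cell.tainted or (self.taint_addresses and addr.tainted)
        return Val(cell.v, t)

    def jump(self, target):
        # Taint check: halt if the jump target is tainted.
        if target.tainted:
            raise TaintedJump(hex(target.v))
        return target.v

# Constructed sample: an untainted 4-entry handler table at address 0x100.
TABLE_BASE = 0x100
TABLE = {TABLE_BASE + i: Val(0x4000 + 0x10 * i) for i in range(4)}

def dispatch(user_index, taint_addresses):
    m = TaintMachine(TABLE, taint_addresses)
    addr = m.add(Val(TABLE_BASE), m.source(user_index))
    try:
        return ("jumped", m.jump(m.load(addr)))
    except TaintedJump:
        return ("halted", None)
```

With `taint_addresses=False` the user-chosen index decides the jump target, yet the loaded value is untainted and the check never fires; with `True` the same input halts execution.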
Dynamic Analysis
Application
Malware Analysis
Analyze how information flows through a malware binary, explore trigger-based behavior, and detect emulators.