ABSTRACT
Dynamic taint analysis is gaining momentum. Techniques based on dynamic tainting have been successfully used in the context of application security, and now their use is also being explored in different areas, such as program understanding, software testing, and debugging. Unfortunately, most existing approaches for dynamic tainting are defined in an ad-hoc manner, which makes it difficult to extend them, experiment with them, and adapt them to new contexts. Moreover, most existing approaches are focused on data-flow based tainting only and do not consider tainting due to control flow, which limits their applicability outside the security domain. To address these limitations and foster experimentation with dynamic tainting techniques, we defined and developed a general framework for dynamic tainting that (1) is highly flexible and customizable, (2) allows for performing both data-flow and control-flow based tainting conservatively, and (3) does not rely on any customized run-time system. We also present DYTAN, an implementation of our framework that works on x86 executables, and a set of preliminary studies that show how DYTAN can be used to implement different tainting-based approaches with limited effort. In the studies, we also show that DYTAN can be used on real software, by using FIREFOX as one of our subjects, and illustrate how the specific characteristics of the tainting approach used can affect efficiency and accuracy of the taint analysis, which further justifies the use of our framework to experiment with different variants of an approach.
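As an added illustration of the distinction the abstract draws between data-flow and control-flow based tainting (this is not DYTAN's code; the toy register IR, the `merge` operand that names a branch's post-dominator, and the sample program are assumptions), the tracker below propagates taint under both policies and shows the implicit flow that data-flow-only tainting misses:

```python
# Toy register-machine taint tracker (constructed IR, not x86). Instructions:
#   ("mov", dst, src)           dst = src   (src is a register name or an int)
#   ("add", dst, a, b)          dst = a + b
#   ("jz", reg, target, merge)  if reg == 0 jump to target; everything before
#       'merge' (assumed: the branch's post-dominator) is control-dependent on reg

def lbl(taint, x):
    """Taint labels of operand x (registers carry labels, constants carry none)."""
    return set(taint.get(x, ())) if isinstance(x, str) else set()

def run(program, regs, taint, control_flow=False):
    """Execute program and return (regs, taint). With control_flow=True a value
    written while control-dependent on a tainted branch also inherits its labels."""
    regs, taint = dict(regs), {r: set(t) for r, t in taint.items()}
    scopes, pc = [], 0          # scopes: open regions as (merge_pc, labels)
    val = lambda x: regs[x] if isinstance(x, str) else x
    while program[pc][0] != "halt":
        while scopes and scopes[-1][0] == pc:   # reached a region's merge point
            scopes.pop()
        ins, op = program[pc], program[pc][0]
        if op in ("mov", "add"):
            if op == "mov":
                regs[ins[1]], taint[ins[1]] = val(ins[2]), lbl(taint, ins[2])
            else:
                regs[ins[1]] = val(ins[2]) + val(ins[3])
                taint[ins[1]] = lbl(taint, ins[2]) | lbl(taint, ins[3])
            if control_flow:                    # add labels of enclosing branches
                for _, labels in scopes:
                    taint[ins[1]] |= labels
            pc += 1
        elif op == "jz":
            if control_flow and lbl(taint, ins[1]):
                scopes.append((ins[3], lbl(taint, ins[1])))
            pc = ins[2] if regs[ins[1]] == 0 else pc + 1
        else:
            raise ValueError("unknown instruction: %r" % (op,))
    return regs, taint

# Constructed sample: z depends on x explicitly, y only via the branch on x.
SAMPLE = [
    ("mov", "y", 0),
    ("add", "z", "x", 1),
    ("jz", "x", 4, 4),   # if x == 0 skip the write to y; region ends at pc 4
    ("mov", "y", 1),     # runs only when x != 0: y reveals x without any data flow
    ("halt",),
]

def implicit_flow_example(x_value, control_flow):
    """Return (labels of y, labels of z) after running SAMPLE with x labelled 'input'."""
    _, taint = run(SAMPLE, {"x": x_value}, {"x": {"input"}}, control_flow)
    return taint["y"], taint["z"]
```

With data-flow tainting only, `z` is tainted but `y` is not, even though `y` equals `x != 0`; enabling control-flow tainting marks `y` as well. Note that this toy only reaches writes on the executed path, so when `x == 0` the skipped write to `y` is never seen.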
CITED BY 2
James Clause, Ioannis Doudalis, Alessandro Orso, Milos Prvulovic, Effective memory protection using dynamic tainting, Proceedings of the twenty-second IEEE/ACM international conference on Automated software engineering, November 05-09, 2007, Atlanta, Georgia, USA