CRSE, Jul 12, 2020

The Taint Rabbit: Optimizing Generic Taint Analysis with Dynamic Fast Path Generation

arXiv:2007.05955v1, 18 citations
AI Analysis

This paper addresses performance bottlenecks in generic taint analysis, a technique used in software security tools for developers and analysts, and reports a significant improvement over existing generic methods.

The paper tackles the high overhead problem in generic taint analysis for software security by proposing the Taint Rabbit, which uses just-in-time generation of fast paths and dynamic context switching, achieving an average overhead of 1.7x compared to 237x for Dytan and close to 1.5x for specialized trackers.

Generic taint analysis is a pivotal technique in software security. However, it suffers from staggeringly high overhead. In this paper, we explore the hypothesis that just-in-time (JIT) generation of fast paths for tracking taint can enhance performance. To this end, we present the Taint Rabbit, which supports highly customizable user-defined taint policies and combines a JIT with fast context switching. Our experimental results suggest that this combination outperforms notable existing implementations of generic taint analysis and bridges the performance gap to specialized trackers. For instance, Dytan incurs an average overhead of 237x, while the Taint Rabbit achieves 1.7x on the same set of benchmarks. This compares favorably to the 1.5x overhead delivered by the bitwise, non-generic taint engine LibDFT.

Code Implementations: 2 repos