All You Ever Wanted to Know About Dynamic Taint Analysis and Forward Symbolic Execution (but might have been afraid to ask)

Download: Paper, Slides.

“All You Ever Wanted to Know About Dynamic Taint Analysis and Forward Symbolic Execution (but might have been afraid to ask)” by Edward J. Schwartz, Thanassis Avgerinos, and David Brumley. In Proceedings of the IEEE Symposium on Security and Privacy, 2010.

Abstract

Dynamic taint analysis and forward symbolic execution are quickly becoming staple techniques in security analyses. Example applications of dynamic taint analysis and forward symbolic execution include malware analysis, input filter generation, test case generation, and vulnerability discovery. Despite the widespread usage of these two techniques, there has been little effort to formally define the algorithms and summarize the critical issues that arise when these techniques are used in typical security contexts.

The contributions of this paper are two-fold. First, we precisely describe the algorithms for dynamic taint analysis and forward symbolic execution as extensions to the runtime semantics of a general language. Second, we highlight important implementation choices, common pitfalls, and considerations when using these techniques in a security context.

Download: Paper, Slides.

BibTeX entry:

@inproceedings{schwartz:2010:dynamic,
   author = {Edward J. Schwartz and Thanassis Avgerinos and David Brumley},
   title = {All You Ever Wanted to Know About Dynamic Taint Analysis and
	Forward Symbolic Execution (but might have been afraid to ask)},
   booktitle = {Proceedings of the {IEEE} Symposium on Security and Privacy},
   year = {2010}
}

(This webpage was created with bibtex2web.)

Back to publications.