TASEL: dynamic taint analysis with selective control dependency

Abstract

Dynamic Taint Analysis (DTA) is an approach used for software testing and vulnerability analysis. The vanilla DTA method is widely used, but its simple taint propagation does not consider any control dependency. Therefore, vanilla DTA generally suffers from the under-tainting caused by control dependency. The under-tainting can be problematic when analyzers try to check vulnerabilities of software. In this paper, we propose Dynamic Taint Analysis with Selective Control Dependency (TASEL), to mitigate the under-tainting problem caused by control dependency. Our technique detects control-dependent data which have possibilities to change the program's control flows. We implemented TASEL using Intel Pin, and applied it for the commodity programs such as Microsoft Notepad. Experimental results show our proposed method successfully resolves the under-tainting problem, without causing the over-tainting problem.